From 0bf245bf8a031d12aec77e68dbc627247255eeb0 Mon Sep 17 00:00:00 2001
From: Dale Curtis <dalecurtis@chromium.org>
Date: Tue, 29 Jul 2025 22:05:19 +0000
Subject: [PATCH] [flac] Fix integer-overflow in flac_lpc_33_c

This fix copies a couple of casts from surrounding functions.
See https://crbug.com/432528781 for stack trace details.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
---
 libavcodec/flacdsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/flacdsp.c b/libavcodec/flacdsp.c
index f5362bf66f..dd2af7900c 100644
--- a/libavcodec/flacdsp.c
+++ b/libavcodec/flacdsp.c
@@ -94,7 +94,7 @@ static void flac_lpc_33_c(int64_t *decoded, const int32_t *residual,
         int64_t sum = 0;
         for (j = 0; j < pred_order; j++)
             sum += (int64_t)coeffs[j] * (uint64_t)decoded[j];
-        decoded[j] = residual[i] + (sum >> qlevel);
+        decoded[j] = (uint64_t)residual[i] + (unsigned)(sum >> qlevel);
     }
 }
 
-- 
2.50.1.552.g942d659e1b-goog