From ce81e47c911fcff4f006b3b14b40a396eaa77696 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 1 Jul 2015 20:29:44 +0200
Subject: [PATCH] avcodec/mss2: Fix integer overflow
This also simplifies the code
Fixes: signal_sigabrt_7ffff6ac8cc9_2943_cov_3588637614_mss2_speech.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/mss2.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/mss2.c b/libavcodec/mss2.c
index f57685d7b1..f788143dd0 100644
--- a/libavcodec/mss2.c
+++ b/libavcodec/mss2.c
@@ -52,9 +52,9 @@ static void arith2_normalise(ArithCoder *c)
 c->value ^= 0x8000;
 c->low ^= 0x8000;
 }
- c->high = c->high << 8 & 0xFFFFFF | 0xFF;
- c->value = c->value << 8 & 0xFFFFFF | bytestream2_get_byte(c->gbc.gB);
- c->low = c->low << 8 & 0xFFFFFF;
+ c->high = (uint16_t)c->high << 8 | 0xFF;
+ c->value = (uint16_t)c->value << 8 | bytestream2_get_byte(c->gbc.gB);
+ c->low = (uint16_t)c->low << 8;
 }
 }
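Review bot: The three `(uint16_t)` casts on the added lines are load-bearing but undocumented: they replace the old `& 0xFFFFFF` mask by truncating to 16 bits before the shift, which is what keeps `<< 8` inside the range of `int`. A later cleanup could drop them as redundant and bring the overflow back. I would put a comment above the three assignments, for example `/* truncate to 16 bits first: same result as "<< 8 & 0xFFFFFF", but the shift cannot overflow int */`. The truncation also wraps a coder state that is already out of range instead of reporting it. Presumably the fuzzed sample named in the commit message reaches such a state, so it is worth confirming that the callers outside this hunk cope with a wrapped `high`/`low`/`value` on malformed input. The body of `arith2_normalise`, including its loop condition, starts outside the hunk.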