From cafd9282c0e49aea728a9fcd55acd63bf0645814 Mon Sep 17 00:00:00 2001
From: Ruud van Asseldonk
Date: Wed, 22 Feb 2017 23:31:07 +0100
Subject: [PATCH] Avoid integer overflow when decoding LPC

This does not occur for valid FLAC files, but it might for invalid ones. In that case we wrap and produce garbage, however the application should not crash in debug mode due to Rust panicking on overflow.

This overflow was discovered by libfuzzer and cargo-fuzz.

The performance impact of this change is not significant. My benchmarks show a larger standard deviation than the precentage improvement.
---
 src/subframe.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/subframe.rs b/src/subframe.rs
index ae6342b..7c8c681 100644
--- a/src/subframe.rs
+++ b/src/subframe.rs
@@ -529,8 +529,8 @@ fn predict_lpc(raw_coefficients: &[i16],
 .zip(&buffer[i..order + i])
 .map(|(&c, &s)| c as i64 * s as i64)
 .sum::() >> qlp_shift;
- let delta = buffer[order + i];
- buffer[order + i] = prediction as i32 + delta;
+ let delta = buffer[order + i] as i64;
+ buffer[order + i] = (prediction + delta) as i32;
 }
 if buffer.len() <= 12 { return Ok(()) }
@@ -543,8 +543,8 @@ fn predict_lpc(raw_coefficients: &[i16],
 .zip(&buffer[i - 12..i])
 .map(|(&c, &s)| c * s as i64)
 .sum::() >> qlp_shift;
- let delta = buffer[i];
- buffer[i] = prediction as i32 + delta;
+ let delta = buffer[i] as i64;
+ buffer[i] = (prediction + delta) as i32;
 }
 Ok(())
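Review bot: The `>> qlp_shift` on the context line directly above the changed lines is a second debug-mode panic site under the same malformed-input threat model this hunk addresses: a shift amount that is negative or at least 64 panics with "attempt to shift right with overflow" in debug builds and is silently masked in release. Whether `qlp_shift` is range-checked when the subframe header is parsed is not visible here; if it is not, a check at the parse site (or a `debug_assert!((0..64).contains(&qlp_shift));` just before the fold) would close the gap the fuzzer is likely to hit next. The `(prediction + delta) as i32` truncation on the new lines is a deliberate wrap per the commit message, but nothing at the site says so; a comment such as `// Wraps on malformed input; valid FLAC never exceeds i32 here.` would stop a later reader from "fixing" it with `try_from`. Since `predict_lpc` already returns `Result`, rejecting the frame with a decode error would be the fail-closed alternative to emitting garbage samples, if the error type allows it. `predict_lpc` begins and ends outside both hunks, and the second hunk mirrors this one exactly.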