From eb0711921bb2654e12ed75a6a60a15f45652c029 Mon Sep 17 00:00:00 2001
From: Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de>
Date: Fri, 8 Jun 2018 18:08:23 +0200
Subject: [PATCH] Unsigned Integer Overflow in aacDecoder_DecodeFrame().

Bug: 112661742
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I617dd545f9ea0aca5a5e7d214bbc35f089bc355d
---
 libAACdec/src/aacdecoder_lib.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libAACdec/src/aacdecoder_lib.cpp b/libAACdec/src/aacdecoder_lib.cpp
index ea52bb5..b528ef1 100644
--- a/libAACdec/src/aacdecoder_lib.cpp
+++ b/libAACdec/src/aacdecoder_lib.cpp
@@ -1882,7 +1882,7 @@ aacDecoder_DecodeFrame(HANDLE_AACDECODER self, INT_PCM *pTimeData_extern,
 
     } /* USAC DASH IPF flushing possible end */
     if (accessUnit < numPrerollAU) {
-      FDKpushBack(hBsAu, auStartAnchor - FDKgetValidBits(hBsAu));
+      FDKpushBack(hBsAu, auStartAnchor - (INT)FDKgetValidBits(hBsAu));
     } else {
       if ((self->buildUpStatus == AACDEC_RSV60_BUILD_UP_ON) ||
           (self->buildUpStatus == AACDEC_RSV60_BUILD_UP_ON_IN_BAND) ||