MathisRosenhauer / libaec

libaec - Adaptive Entropy Coding library
https://gitlab.dkrz.de/k202009/libaec
BSD 2-Clause "Simplified" License

FLUSH(msb_32): signed-integer-overflow third_party/libaec/src/decode.c:192 #10

Closed schwehr closed 6 years ago

schwehr commented 6 years ago

I think this comes out of the FLUSH(msb_32) macro. Hard to give a good bug report through the preprocessor wrapping.

third_party/libaec/src/decode.c:192:1: runtime error: signed integer overflow: 1073741823 - -1450445576 cannot be represented in type 'int'
    #0 0x559a4abe85e0 in flush_msb_32 third_party/libaec/src/decode.c:192:1
    #1 0x559a4abeb7a2 in aec_decode third_party/libaec/src/decode.c:815:5
    #2 0x559a4abeb9e0 in aec_buffer_decode third_party/libaec/src/decode.c:839:14
    #3 0x559a4abe4e8d in LLVMFuzzerTestOneInput third_party/libaec/fuzzing/fuzz_target.cc:32:9

SUMMARY: UndefinedBehaviorSanitizer: signed-integer-overflow third_party/libaec/src/decode.c:192:1 in 
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0xff,0xc0,0x0,0xf0,0x80,0x8,0x30,0x7a,0x5,0x0,0x1,0xc,0x0,0xff,0x31,0x7e,0x9f,0x6,0x2d,0x0,
\xff\xc0\x00\xf0\x80\x080z\x05\x00\x01\x0c\x00\xff1~\x9f\x06-\x00
artifact_prefix='./'; Test unit written to ./crash-87029b9dd81e847aecc42d5a6b46507e4e633ed8
Base64: /8AA8IAIMHoFAAEMAP8xfp8GLQA=
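An added illustration, not libaec code (the body of the FLUSH macro is not shown in this report): it takes the two operands from the sanitizer line above, shows that the plain `int` subtraction is detected as an overflow, and contrasts a well-defined alternative. The names `sub_would_overflow` and `sub_wrapping` are hypothetical, and it is an assumption that the decoder intends modulo-2^32 wrap-around for a 32-bit sample.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Operands taken from the UBSan report above: 1073741823 - (-1450445576)
 * exceeds INT_MAX, so the plain int subtraction is undefined behaviour. */
#define REPORTED_A 1073741823
#define REPORTED_B (-1450445576)

/* Returns true if a - b would overflow a 32-bit signed int.
 * __builtin_sub_overflow exists in GCC >= 5 and Clang. */
bool sub_would_overflow(int32_t a, int32_t b)
{
    int32_t unused;
    return __builtin_sub_overflow(a, b, &unused);
}

/* Well-defined alternative: subtract in uint32_t, where wrap-around is
 * defined, then map the modulo-2^32 result back to two's-complement int32_t.
 * Assumption (not taken from libaec): the decoder wants wrap-around, the
 * usual intent when reconstructing fixed-width samples. */
int32_t sub_wrapping(int32_t a, int32_t b)
{
    uint32_t r = (uint32_t)a - (uint32_t)b;
    /* Avoid an out-of-range signed cast, which is implementation-defined. */
    if (r <= (uint32_t)INT32_MAX)
        return (int32_t)r;
    return -(int32_t)(UINT32_MAX - r) - 1;
}

int main(void)
{
    printf("overflows in int: %s\n",
           sub_would_overflow(REPORTED_A, REPORTED_B) ? "yes" : "no");
    printf("wrapping result: %d\n", sub_wrapping(REPORTED_A, REPORTED_B));
    return 0;
}
```
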

MathisRosenhauer commented 6 years ago

This is the one I mentioned in #6. It's the inverse of what is done there.