avcodec/apedec: Check length in long_filter_high_3800()

Fixes out of array read Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cd7524fdd13dc8d0cf22e2cfd8300a245542b13a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2015-12-02 21:16:27 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2015-12-06 02:51:27 +0100
commit: d295ddffe138de7a17337bc88c39425e13fd073a (patch)
tree: 1beffd89e42d38200bf79f06fd768675a289e1d8
parent: aab65146afd83240087523636fa761724b0e9670 (diff)
download: ffmpeg-d295ddffe138de7a17337bc88c39425e13fd073a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 5536e0f8b1..c6eae55c4e 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -892,6 +892,9 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len
     int32_t dotprod, sign;
     int32_t coeffs[256], delay[256];
 
+    if (order >= length)
+        return;
+
     memset(coeffs, 0, order * sizeof(*coeffs));
     for (i = 0; i < order; i++)
         delay[i] = buffer[i];
author	Michael Niedermayer <michael@niedermayer.cc>	2015-12-02 21:16:27 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 02:51:27 +0100
commit	d295ddffe138de7a17337bc88c39425e13fd073a (patch)
tree	1beffd89e42d38200bf79f06fd768675a289e1d8
parent	aab65146afd83240087523636fa761724b0e9670 (diff)
download	ffmpeg-d295ddffe138de7a17337bc88c39425e13fd073a.tar.gz