avcodec/pixlet: Fix reading invalid numbers of bits

Fixes: asertion failure Fixes: 1664/clusterfuzz-testcase-minimized-6587801187385344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d32ebce8fd79bb859ba4a04c92470a052f2aafa6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2017-05-18 16:51:08 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-06-02 01:14:38 +0200
commit: fc7c37906077a703aaa46b718e3018900abcd751 (patch)
tree: 451f36cf93fcf88a2683801930a300966017241a
parent: 686eb3b1ed5b91fdedc0f11d8f19bf0b21505788 (diff)
download: ffmpeg-fc7c37906077a703aaa46b718e3018900abcd751.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/pixlet.c b/libavcodec/pixlet.c
index 05262648ae..0dfd5edbf7 100644
--- a/libavcodec/pixlet.c
+++ b/libavcodec/pixlet.c
@@ -229,6 +229,8 @@ static int read_high_coeffs(AVCodecContext *avctx, uint8_t *src, int16_t *dst, i
             cnt1 = get_bits(b, nbits);
         } else {
             pfx = 14 + ((((uint64_t)(value - 14)) >> 32) & (value - 14));
+            if (pfx < 1 || pfx > 25)
+                return AVERROR_INVALIDDATA;
             cnt1 *= (1 << pfx) - 1;
             shbits = show_bits(b, pfx);
             if (shbits <= 1) {
author	Michael Niedermayer <michael@niedermayer.cc>	2017-05-18 16:51:08 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-06-02 01:14:38 +0200
commit	fc7c37906077a703aaa46b718e3018900abcd751 (patch)
tree	451f36cf93fcf88a2683801930a300966017241a
parent	686eb3b1ed5b91fdedc0f11d8f19bf0b21505788 (diff)
download	ffmpeg-fc7c37906077a703aaa46b718e3018900abcd751.tar.gz