diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2017-02-23 15:19:29 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-02-25 22:02:23 +0100 |
| commit | 5eb04570f6609d7e9706f2ce8b61119605e3a0a2 (patch) | |
| tree | 7fcf145348ecb93aff37a9874cfa71977a44a1fc /libavcodec/wavpack.c | |
| parent | dbc7f02a727286f353624cf690cc6f430e240e25 (diff) | |
| download | ffmpeg-5eb04570f6609d7e9706f2ce8b61119605e3a0a2.tar.gz | |
avcodec/wavpack: Check post_shift
Fixes: runtime error: shift exponent 34 is too large for 32-bit type 'int'
Fixes: 653/clusterfuzz-testcase-5773837415219200
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/wavpack.c')
| -rw-r--r-- | libavcodec/wavpack.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 24d57f57db..eeee6a6ae4 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -681,6 +681,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, s->hybrid = s->frame_flags & WV_HYBRID_MODE; s->hybrid_bitrate = s->frame_flags & WV_HYBRID_BITRATE; s->post_shift = bpp * 8 - orig_bpp + ((s->frame_flags >> 13) & 0x1f); + if (s->post_shift < 0 || s->post_shift > 31) { + return AVERROR_INVALIDDATA; + } s->hybrid_maxclip = ((1LL << (orig_bpp - 1)) - 1); s->hybrid_minclip = ((-1UL << (orig_bpp - 1))); s->CRC = bytestream2_get_le32(&gb); |