avcodec/apedec: Check length in long_filter_high_3800()

Fixes out of array read Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cd7524fdd13dc8d0cf22e2cfd8300a245542b13a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2015-12-02 21:16:27 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2015-12-06 02:08:26 +0100
commit: eff24a1f13b1f5b495e94283c53beeb0531154b7 (patch)
tree: 16046bdd42493e75037f1d954a46fe3a0da1824a /libavcodec
parent: 9b28bbb10c6b5aee2c8abf9ca3a811f3cdeef269 (diff)
download: ffmpeg-eff24a1f13b1f5b495e94283c53beeb0531154b7.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 577d0aa260..7893bc320f 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -905,6 +905,9 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift,
     int i, j;
     int32_t dotprod, sign;
 
+    if (order >= length)
+        return;
+
     memset(coeffs, 0, order * sizeof(*coeffs));
     for (i = 0; i < order; i++)
         delay[i] = buffer[i];
author	Michael Niedermayer <michael@niedermayer.cc>	2015-12-02 21:16:27 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 02:08:26 +0100
commit	eff24a1f13b1f5b495e94283c53beeb0531154b7 (patch)
tree	16046bdd42493e75037f1d954a46fe3a0da1824a /libavcodec
parent	9b28bbb10c6b5aee2c8abf9ca3a811f3cdeef269 (diff)
download	ffmpeg-eff24a1f13b1f5b495e94283c53beeb0531154b7.tar.gz