ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Thu Feb 23 15:19:29 2017 +0100| [5eb04570f6609d7e9706f2ce8b61119605e3a0a2] | committer: Michael Niedermayer
avcodec/wavpack: Check post_shift Fixes: runtime error: shift exponent 34 is too large for 32-bit type 'int' Fixes: 653/clusterfuzz-testcase-5773837415219200 Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5eb04570f6609d7e9706f2ce8b61119605e3a0a2 --- libavcodec/wavpack.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 24d57f5..eeee6a6 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -681,6 +681,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, s->hybrid = s->frame_flags & WV_HYBRID_MODE; s->hybrid_bitrate = s->frame_flags & WV_HYBRID_BITRATE; s->post_shift = bpp * 8 - orig_bpp + ((s->frame_flags >> 13) & 0x1f); + if (s->post_shift < 0 || s->post_shift > 31) { + return AVERROR_INVALIDDATA; + } s->hybrid_maxclip = ((1LL << (orig_bpp - 1)) - 1); s->hybrid_minclip = ((-1UL << (orig_bpp - 1))); s->CRC = bytestream2_get_le32(&gb); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
