Prevent integer overflow in init_get_bits by validating that packet size multiplied by 8 does not exceed INT_MAX.
Signed-off-by: 0xBat <[email protected]>
---
 libavcodec/qdm2.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index b2136c6824..2eb1f3be99 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -978,6 +978,8 @@ static int process_subpacket_9(QDM2Context *q, QDM2SubPNode *node)
 GetBitContext gb;
 int i, j, k, n, ch, run, level, diff;
+ if (node->packet->size > INT_MAX / 8)
+ return AVERROR_INVALIDDATA;
 init_get_bits(&gb, node->packet->data, node->packet->size * 8);
 n = coeff_per_sb_for_avg[q->coeff_per_sb_select][QDM2_SB_USED(q->sub_sampling) - 1] + 1;
-- 
2.52.0.windows.1
_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
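Review bot: The unchanged `init_get_bits(&gb, node->packet->data, node->packet->size * 8);` call directly after the new guard still discards its return value, so a reader that failed to initialise would go unnoticed by the parsing code that follows. Using the byte-count helper would put the range check and the error path in one place: `ret = init_get_bits8(&gb, node->packet->data, node->packet->size); if (ret < 0) return ret;`, with `int ret` declared alongside the other locals. The type of `packet->size` is not visible in this hunk; if it is unsigned, the multiplication wraps rather than overflowing a signed int, and the commit message should describe the failure mode accordingly. The rest of process_subpacket_9 lies outside the hunk, and any sibling subpacket handlers that set up a GetBitContext with the same `size * 8` pattern would presumably need the same treatment.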
