summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2013-12-23 18:09:58 +0100
committerMichael Niedermayer <michaelni@gmx.at>2014-01-21 16:42:32 +0100
commit5f56e495aea44bd43d24e237e898b8a8aa6726e6 (patch)
treeed7a0128457354cfe3f7f006ee94a9edb47aae7b
parentfedbba5ea051a8d3f15907d4ffe10eb24da8b47b (diff)
downloadffmpeg-5f56e495aea44bd43d24e237e898b8a8aa6726e6.tar.gz
avcodec/apedec: more checks for k
Fixes assertion failure Fixes part of msan_uninit-mem_7fa0d8c8bd58_8417_sh3.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d5128fce38646d3f64c55feda42084888ba0e87e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/apedec.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index ea71ea0ef3..325f36d6a6 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -603,10 +603,14 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb,
rice->ksum += out[i];
}
rice->k = av_log2(rice->ksum / 10) + 1;
+ if (rice->k >= 24)
+ return;
for (; i < 64; i++) {
out[i] = get_rice_ook(&ctx->gb, rice->k);
rice->ksum += out[i];
rice->k = av_log2(rice->ksum / ((i + 1) * 2)) + 1;
+ if (rice->k >= 24)
+ return;
}
ksummax = 1 << rice->k + 7;
ksummin = rice->k ? (1 << rice->k + 6) : 0;