[FFmpeg-cvslog] ape_decode_value_3900: check tmpk

Michael Niedermayer git at videolan.org
Thu May 2 17:32:39 CEST 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu May  2 16:45:06 2013 +0200| [8937230719ad7039ff908793f3bb2111e26e4edc] | committer: Michael Niedermayer

ape_decode_value_3900: check tmpk

Fixes division by 0

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8937230719ad7039ff908793f3bb2111e26e4edc
---

 libavcodec/apedec.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index af5ac6f..be6edd2 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -518,9 +518,13 @@ static inline int ape_decode_value_3900(APEContext *ctx, APERice *rice)
     } else
         tmpk = (rice->k < 1) ? 0 : rice->k - 1;
 
-    if (tmpk <= 16 || ctx->fileversion < 3910)
+    if (tmpk <= 16 || ctx->fileversion < 3910) {
+        if (tmpk > 23) {
+            av_log(ctx->avctx, AV_LOG_ERROR, "Too many bits: %d\n", tmpk);
+            return AVERROR_INVALIDDATA;
+        }
         x = range_decode_bits(ctx, tmpk);
-    else if (tmpk <= 32) {
+    } else if (tmpk <= 32) {
         x = range_decode_bits(ctx, 16);
         x |= (range_decode_bits(ctx, tmpk - 16) << 16);
     } else {



More information about the ffmpeg-cvslog mailing list