[FFmpeg-cvslog] wavpack: limit extra_bits to 32 and use get_bits_long

[Andreas Cadhalpun]

ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Jul  2 23:05:05 2015 +0200| [d0eff8857ceff2601f85037c930cbe61a88b611e] | committer: Andreas Cadhalpun

wavpack: limit extra_bits to 32 and use get_bits_long

More than 32 bits can't be stored in an integer and get_bits should not
be used with more than 25 bits.

Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0eff8857ceff2601f85037c930cbe61a88b611e
---

 libavcodec/wavpack.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index d91b66c..554367b 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -271,7 +271,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc,
 
         if (s->got_extra_bits &&
             get_bits_left(&s->gb_extra_bits) >= s->extra_bits) {
-            S   |= get_bits(&s->gb_extra_bits, s->extra_bits);
+            S   |= get_bits_long(&s->gb_extra_bits, s->extra_bits);
             *crc = *crc * 9 + (S & 0xffff) * 3 + ((unsigned)S >> 16);
         }
     }
@@ -835,7 +835,11 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
                 continue;
             }
             bytestream2_get_buffer(&gb, val, 4);
-            if (val[0]) {
+            if (val[0] > 32) {
+                av_log(avctx, AV_LOG_ERROR,
+                       "Invalid INT32INFO, extra_bits = %d (> 32)\n", val[0]);
+                continue;
+            } else if (val[0]) {
                 s->extra_bits = val[0];
             } else if (val[1]) {
                 s->shift = val[1];