From 042260cde4ecf716438c5fc92d15ad5f037ee2e1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 3 May 2015 15:54:21 +0200 Subject: [PATCH] avcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and undefined behavior in fate Signed-off-by: Michael Niedermayer --- libavcodec/wavpack.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 1ad3901600..b51a21cc9d 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -472,6 +472,14 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, s->decorr[i].samplesB[0] = L; } } + + if (type == AV_SAMPLE_FMT_S16P) { + if (FFABS(L) + FFABS(R) > (1<<19)) { + av_log(s->avctx, AV_LOG_ERROR, "sample %d %d too large\n", L, R); + return AVERROR_INVALIDDATA; + } + } + pos = (pos + 1) & 7; if (s->joint) L += (R -= (L >> 1));