diff --git a/libavformat/mvdec.c b/libavformat/mvdec.c index 69d9914fc1..713c666025 100644 --- a/libavformat/mvdec.c +++ b/libavformat/mvdec.c @@ -159,7 +159,10 @@ static int parse_audio_var(AVFormatContext *avctx, AVStream *st, st->codecpar->sample_rate = var_read_int(pb, size); avpriv_set_pts_info(st, 33, 1, st->codecpar->sample_rate); } else if (!strcmp(name, "SAMPLE_WIDTH")) { - st->codecpar->bits_per_coded_sample = var_read_int(pb, size) * 8; + uint64_t bpc = var_read_int(pb, size) * (uint64_t)8; + if (bpc > 16) + return AVERROR_INVALIDDATA; + st->codecpar->bits_per_coded_sample = bpc; } else return AVERROR_INVALIDDATA;