avcodec/wavpack: Check for end of input in wv_unpack_dsd_high()

Fixes: Timeout Fixes: 50793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-4980185027444736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ad7403bce) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-12-23 12:43:46 +02:00 · 2022-09-11 12:58:58 +02:00 · 2022-09-11 12:58:58 +02:00 · 7d2360f8d6
commit 7d2360f8d6
parent 3aee1b1ec3
1 changed files with 4 additions and 0 deletions
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@ -499,6 +499,8 @@ static int wv_unpack_dsd_high(WavpackFrameContext *s, uint8_t *dst_left, uint8_t
                sp[0].fltr0 = 0;
            }

+            if (DSD_BYTE_READY(high, low) && !bytestream2_get_bytes_left(&s->gbyte))
+                return AVERROR_INVALIDDATA;
            while (DSD_BYTE_READY(high, low) && bytestream2_get_bytes_left(&s->gbyte)) {
                value = (value << 8) | bytestream2_get_byte(&s->gbyte);
                high = (high << 8) | 0xff;
@ -534,6 +536,8 @@ static int wv_unpack_dsd_high(WavpackFrameContext *s, uint8_t *dst_left, uint8_t
                sp[1].fltr0 = 0;
            }

+            if (DSD_BYTE_READY(high, low) && !bytestream2_get_bytes_left(&s->gbyte))
+                return AVERROR_INVALIDDATA;
            while (DSD_BYTE_READY(high, low) && bytestream2_get_bytes_left(&s->gbyte)) {
                value = (value << 8) | bytestream2_get_byte(&s->gbyte);
                high = (high << 8) | 0xff;