From 60ab4480423769ac3db487aba5232b187036c7ea Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 May 2013 17:24:02 +0200 Subject: [PATCH] ape_decode_value_3860: check k before using it in get_bits() Signed-off-by: Michael Niedermayer --- libavcodec/apedec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index be6edd2f46..1f55dab851 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -489,9 +489,12 @@ static inline int ape_decode_value_3860(APEContext *ctx, GetBitContext *gb, if (!rice->k) x = overflow; - else + else if(rice->k <= MIN_CACHE_BITS) { x = (overflow << rice->k) + get_bits(gb, rice->k); - + } else { + av_log(ctx->avctx, AV_LOG_ERROR, "Too many bits: %d\n", rice->k); + return AVERROR_INVALIDDATA; + } rice->ksum += x - (rice->ksum + 8 >> 4); if (rice->ksum < (rice->k ? 1 << (rice->k + 4) : 0)) rice->k--;