avcodec/exr: Check remaining bits in last get code loop
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 14 Feb 2018 12:01:46 +0000 (13:01 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 17 Feb 2018 15:11:57 +0000 (16:11 +0100)
Fixes: runtime error: shift exponent -7 is negative
Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd8351b1184b8054925c28ecc5fcb6dbbc177fad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/exr.c

index a62a4c8..329db66 100644 (file)
@@ -537,7 +537,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
     while (lc > 0) {
         const HufDec pl = hdecod[(c << (HUF_DECBITS - lc)) & HUF_DECMASK];
 
-        if (pl.len) {
+        if (pl.len && lc >= pl.len) {
             lc -= pl.len;
             get_code(pl.lit, rlc, c, lc, gb, out, oe, outb);
         } else {