Merge remote-tracking branch 'qatar/master'

* qatar/master:
  prores: Reject negative run and level values

See: 93c220e895a417e88a6be7df85e250c5c3f675b6
Merged-by: Michael Niedermayer <michaelni@gmx.at>

diff --git a/libavcodec/proresdec_lgpl.c b/libavcodec/proresdec_lgpl.c
index 627f98f..a57429d 100644 (file)
--- a/libavcodec/proresdec_lgpl.c
+++ b/libavcodec/proresdec_lgpl.c
@@ -394,12 +394,16 @@ static inline int decode_ac_coeffs(GetBitContext *gb, int16_t *out,
             return 0;
 
         run = decode_vlc_codeword(gb, ff_prores_ac_codebook[run_cb_index]);
+        if (run < 0)
+            return AVERROR_INVALIDDATA;
 
         bits_left = get_bits_left(gb);
         if (bits_left <= 0 || (bits_left <= 8 && !show_bits(gb, bits_left)))
             return AVERROR_INVALIDDATA;
 
         level = decode_vlc_codeword(gb, ff_prores_ac_codebook[lev_cb_index]) + 1;
+        if (level < 0)
+            return AVERROR_INVALIDDATA;
 
         pos += run + 1;
         if (pos >= max_coeffs)