apedec: check bits <= 32.
author Michael Niedermayer <michaelni@gmx.at>
Thu, 29 Mar 2012 17:52:21 +0000 (17:52 +0000)
committer Reinhard Tartler <siretart@tauware.de>
Sun, 29 Apr 2012 20:07:03 +0000 (22:07 +0200)
Fixes a floating-point exception further down.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit 420d1df2e2a857eae45fa947e16eae7494793d57)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
libavcodec/apedec.c

index fa50d61..0abf05b 100644
@@ -404,9 +404,12 @@ static inline int ape_decode_value(APEContext *ctx, APERice *rice)
 
         if (tmpk <= 16)
             x = range_decode_bits(ctx, tmpk);
-        else {
+        else if (tmpk <= 32) {
             x = range_decode_bits(ctx, 16);
             x |= (range_decode_bits(ctx, tmpk - 16) << 16);
+        } else {
+            av_log(ctx->avctx, AV_LOG_ERROR, "Too many bits: %d\n", tmpk);
+            return AVERROR_INVALIDDATA;
         }
         x += overflow << tmpk;
     } else {
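
Review bot: The new bound `tmpk <= 32` still admits tmpk == 32, and the unchanged line right after the branch, `x += overflow << tmpk;`, then shifts by 32; if `overflow` is a 32-bit type, that shift count is undefined in C. Consider rejecting at `tmpk < 32`, or widening the operand before the shift, so that the accepted range and the shift that follows agree. Separately, `return AVERROR_INVALIDDATA;` is issued from `static inline int ape_decode_value(...)`, whose int return also carries the decoded value, so it is worth confirming that callers can tell the error code apart from a legitimate sample. A short comment on why 32 is the limit would also help.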