ape_decode_value_3900: check tmpk
Fixes division by 0 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
49ec4c7e49
commit
8937230719
@ -518,9 +518,13 @@ static inline int ape_decode_value_3900(APEContext *ctx, APERice *rice)
|
|||||||
} else
|
} else
|
||||||
tmpk = (rice->k < 1) ? 0 : rice->k - 1;
|
tmpk = (rice->k < 1) ? 0 : rice->k - 1;
|
||||||
|
|
||||||
if (tmpk <= 16 || ctx->fileversion < 3910)
|
if (tmpk <= 16 || ctx->fileversion < 3910) {
|
||||||
|
if (tmpk > 23) {
|
||||||
|
av_log(ctx->avctx, AV_LOG_ERROR, "Too many bits: %d\n", tmpk);
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
x = range_decode_bits(ctx, tmpk);
|
x = range_decode_bits(ctx, tmpk);
|
||||||
else if (tmpk <= 32) {
|
} else if (tmpk <= 32) {
|
||||||
x = range_decode_bits(ctx, 16);
|
x = range_decode_bits(ctx, 16);
|
||||||
x |= (range_decode_bits(ctx, tmpk - 16) << 16);
|
x |= (range_decode_bits(ctx, tmpk - 16) << 16);
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user