Fixes: runtime error: shift exponent 34 is too large for 32-bit type 'int'
Fixes: 653/clusterfuzz-testcase-5773837415219200
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/wavpack.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 24d57f57db..eeee6a6ae4 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -681,6 +681,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int
block_no,
s->hybrid = s->frame_flags & WV_HYBRID_MODE;
s->hybrid_bitrate = s->frame_flags & WV_HYBRID_BITRATE;
s->post_shift = bpp * 8 - orig_bpp + ((s->frame_flags >> 13) & 0x1f);
+ if (s->post_shift < 0 || s->post_shift > 31) {
+ return AVERROR_INVALIDDATA;
+ }
s->hybrid_maxclip = ((1LL << (orig_bpp - 1)) - 1);
s->hybrid_minclip = ((-1UL << (orig_bpp - 1)));
s->CRC = bytestream2_get_le32(&gb);
--
2.11.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
