Fixes part of 1708/clusterfuzz-testcase-minimized-5035111957397504
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/mlpdec.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c
index eac19a0d5e..c0a23c5f0d 100644
--- a/libavcodec/mlpdec.c
+++ b/libavcodec/mlpdec.c
@@ -861,8 +861,13 @@ static int read_decoding_params(MLPDecodeContext *m,
GetBitContext *gbp,
if (s->param_presence_flags & PARAM_OUTSHIFT)
if (get_bits1(gbp)) {
- for (ch = 0; ch <= s->max_matrix_channel; ch++)
+ for (ch = 0; ch <= s->max_matrix_channel; ch++) {
s->output_shift[ch] = get_sbits(gbp, 4);
+ if (s->output_shift[ch] < 0) {
+ avpriv_request_sample(m->avctx, "Negative output_shift");
+ s->output_shift[ch] = 0;
+ }
+ }
if (substr == m->max_decoded_substream)
m->dsp.mlp_pack_output =
m->dsp.mlp_select_pack_output(s->ch_assign,
s->output_shift,
--
2.13.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
