avcodec/shorten: Check k in get_uint()

Fixes: undefined shift Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7b6a51f5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/shorten: Check k in get_uint()
Fixes: undefined shift Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7b6a51f5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
b9289fad · Michael Niedermayer · ff27d173 · b9289fad
Commit b9289fad authored May 06, 2017 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

shorten.c libavcodec/shorten.c +4 -1

No files found.
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -156,8 +156,11 @@ static int allocate_buffers(ShortenContext *s)

 static inline unsigned int get_uint(ShortenContext *s, int k)
 {
-    if (s->version != 0)
+    if (s->version != 0) {
        k = get_ur_golomb_shorten(&s->gb, ULONGSIZE);
+        if (k > 31U)
+            return AVERROR_INVALIDDATA;
+    }
    return get_ur_golomb_shorten(&s->gb, k);
 }