avcodec/apedec: Check length in long_filter_high_3800()

Fixes out of array read Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cd7524fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/apedec: Check length in long_filter_high_3800()
Fixes out of array read Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cd7524fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
ce15d773 · Michael Niedermayer · 516525a1 · ce15d773
Commit ce15d773 authored Dec 02, 2015 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

apedec.c libavcodec/apedec.c +3 -0

No files found.
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -905,6 +905,9 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift,
    int i, j;
    int32_t dotprod, sign;
+    if (order >= length)
+        return;
    memset(coeffs, 0, order * sizeof(*coeffs));
    for (i = 0; i < order; i++)
        delay[i] = buffer[i];