avcodec/pixlet: Fix reading invalid numbers of bits

Fixes: asertion failure Fixes: 1664/clusterfuzz-testcase-minimized-6587801187385344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pixlet: Fix reading invalid numbers of bits
Fixes: asertion failure Fixes: 1664/clusterfuzz-testcase-minimized-6587801187385344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
d32ebce8 · Michael Niedermayer · 5c9e12bc · d32ebce8
Commit d32ebce8 authored May 18, 2017 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

pixlet.c libavcodec/pixlet.c +2 -0

No files found.
--- a/libavcodec/pixlet.c
+++ b/libavcodec/pixlet.c
@@ -229,6 +229,8 @@ static int read_high_coeffs(AVCodecContext *avctx, uint8_t *src, int16_t *dst, i
            cnt1 = get_bits(b, nbits);
        } else {
            pfx = 14 + ((((uint64_t)(value - 14)) >> 32) & (value - 14));
+            if (pfx < 1 || pfx > 25)
+                return AVERROR_INVALIDDATA;
            cnt1 *= (1 << pfx) - 1;
            shbits = show_bits(b, pfx);
            if (shbits <= 1) {