avcodec/jpeglsdec: check shift for values that cause overflow later

Fixes: 657/clusterfuzz-testcase-6674741433729024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2017-02-23 23:13:24 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-02-24 00:38:45 +0100
commit: e98dfeb27c2a82673d7f1782705f6694ec9062ca (patch)
tree: 86e3d2cd0c82d81072b2f30e8473a04bff42ae30 /libavcodec/jpeglsdec.c
parent: 76ba09d18245a2a41dc5f93a60fd00cdf358cb1f (diff)
download: ffmpeg-e98dfeb27c2a82673d7f1782705f6694ec9062ca.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 68151cbbd8..c8550e47ea 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -375,6 +375,11 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
     else
         shift = point_transform + (16 - s->bits);
 
+    if (shift >= 16) {
+        ret = AVERROR_INVALIDDATA;
+        goto end;
+    }
+
     if (s->avctx->debug & FF_DEBUG_PICT_INFO) {
         av_log(s->avctx, AV_LOG_DEBUG,
                "JPEG-LS params: %ix%i NEAR=%i MV=%i T(%i,%i,%i) "
author	Michael Niedermayer <michael@niedermayer.cc>	2017-02-23 23:13:24 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-02-24 00:38:45 +0100
commit	e98dfeb27c2a82673d7f1782705f6694ec9062ca (patch)
tree	86e3d2cd0c82d81072b2f30e8473a04bff42ae30 /libavcodec/jpeglsdec.c
parent	76ba09d18245a2a41dc5f93a60fd00cdf358cb1f (diff)
download	ffmpeg-e98dfeb27c2a82673d7f1782705f6694ec9062ca.tar.gz