From c36fc857b5a8f8bdf2bcc54ce72bbf817902edcf Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 7 Jun 2016 20:50:38 +0200
Subject: avcodec/alsdec: Check r to prevent out of array read

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/alsdec.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'libavcodec/alsdec.c')

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 842fc7dc76..a7e58a242f 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -767,6 +767,11 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
 
             r                 = get_unary(gb, 0, 4);
             c                 = get_bits(gb, 2);
+            if (r >= 4) {
+                av_log(avctx, AV_LOG_ERROR, "r overflow\n");
+                return AVERROR_INVALIDDATA;
+            }
+
             bd->ltp_gain[2]   = ltp_gain_values[r][c];
 
             bd->ltp_gain[3]   = decode_rice(gb, 2) << 3;
-- 
cgit v1.2.3