From 7a5e5872493ac91af65357680cf03456d0a4f1ff Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Wed, 28 Mar 2012 08:22:39 +0200
Subject: apedec: check bits <= 32

Fixes FPE

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/apedec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'libavcodec/apedec.c')

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 4a69571ba4..907f45faff 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -421,9 +421,12 @@ static inline int ape_decode_value(APEContext *ctx, APERice *rice)
 
         if (tmpk <= 16)
             x = range_decode_bits(ctx, tmpk);
-        else {
+        else if (tmpk <= 32) {
             x = range_decode_bits(ctx, 16);
             x |= (range_decode_bits(ctx, tmpk - 16) << 16);
+        } else {
+            av_log(ctx->avctx, AV_LOG_ERROR, "too many bits\n");
+            return -1;
         }
         x += overflow << tmpk;
     } else {
-- 
cgit v1.2.3