From d5128fce38646d3f64c55feda42084888ba0e87e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 23 Dec 2013 18:09:58 +0100
Subject: avcodec/apedec: more checks for k

Fixes assertion failure
Fixes part of msan_uninit-mem_7fa0d8c8bd58_8417_sh3.ape
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/apedec.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'libavcodec/apedec.c')

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 6ec502b796..07aff923ba 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -603,10 +603,14 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb,
         rice->ksum += out[i];
     }
     rice->k = av_log2(rice->ksum / 10) + 1;
+    if (rice->k >= 24)
+        return;
     for (; i < 64; i++) {
         out[i] = get_rice_ook(&ctx->gb, rice->k);
         rice->ksum += out[i];
         rice->k = av_log2(rice->ksum / ((i + 1) * 2)) + 1;
+        if (rice->k >= 24)
+            return;
     }
     ksummax = 1 << rice->k + 7;
     ksummin = rice->k ? (1 << rice->k + 6) : 0;
-- 
cgit v1.2.3