From 5eb04570f6609d7e9706f2ce8b61119605e3a0a2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 23 Feb 2017 15:19:29 +0100
Subject: avcodec/wavpack: Check post_shift

Fixes: runtime error: shift exponent 34 is too large for 32-bit type 'int'

Fixes: 653/clusterfuzz-testcase-5773837415219200

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wavpack.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libavcodec/wavpack.c')

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 24d57f57db..eeee6a6ae4 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -681,6 +681,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
     s->hybrid         =   s->frame_flags & WV_HYBRID_MODE;
     s->hybrid_bitrate =   s->frame_flags & WV_HYBRID_BITRATE;
     s->post_shift     = bpp * 8 - orig_bpp + ((s->frame_flags >> 13) & 0x1f);
+    if (s->post_shift < 0 || s->post_shift > 31) {
+        return AVERROR_INVALIDDATA;
+    }
     s->hybrid_maxclip =  ((1LL << (orig_bpp - 1)) - 1);
     s->hybrid_minclip = ((-1UL << (orig_bpp - 1)));
     s->CRC            = bytestream2_get_le32(&gb);
-- 
cgit v1.2.3