On Thu, Mar 03, 2022 at 06:36:29PM +0100, Paul B Mahol wrote: > On 11/3/16, Michael Niedermayer wrote: > > Signed-off-by: Michael Niedermayer > > --- > > libavcodec/ac3dec.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c > > index a95c204..499971a 100644 > > --- a/libavcodec/ac3dec.c > > +++ b/libavcodec/ac3dec.c > > @@ -426,6 +426,10 @@ static int decode_exponents(AC3DecodeContext *s, > > group_size = exp_strategy + (exp_strategy == EXP_D45); > > for (grp = 0, i = 0; grp < ngrps; grp++) { > > expacc = get_bits(gbc, 7); > > + if (expacc >= 125) { > > + av_log(s->avctx, AV_LOG_ERROR, "expacc %d is out-of-range\n", > > expacc); > > + return AVERROR_INVALIDDATA; > > + } > > dexp[i++] = ungroup_3_in_7_bits_tab[expacc][0]; > > dexp[i++] = ungroup_3_in_7_bits_tab[expacc][1]; > > dexp[i++] = ungroup_3_in_7_bits_tab[expacc][2]; > > -- > > Please revert this ASAP. It breaks decoding valid files. please provide an affected file / link to one thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB "You are 36 times more likely to die in a bathtub than at the hands of a terrorist. Also, you are 2.5 times more likely to become a president and 2 times more likely to become an astronaut, than to die in a terrorist attack." -- Thoughty2