On Tue, Nov 22, 2022 at 11:26:48AM +0100, Paul B Mahol wrote: > Patch attached. > bonk.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > 84abac919e9c120e48bb1a3f84be0697f620b66a 0001-avcodec-bonk-check-level-value-to-not-reach-invalid-.patch > From 1b9204a39ea111f4fa34fe9cb4254dea2f20923d Mon Sep 17 00:00:00 2001 > From: Paul B Mahol > Date: Tue, 22 Nov 2022 11:27:39 +0100 > Subject: [PATCH] avcodec/bonk: check level value to not reach invalid values > > Signed-off-by: Paul B Mahol > --- > libavcodec/bonk.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) [...] > @@ -330,7 +333,7 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame *frame, > > skip_bits(gb, s->skip); > if ((ret = intlist_read(s, s->k, s->n_taps, 0)) < 0) > - return ret; > + goto fail; > > for (int i = 0; i < s->n_taps; i++) > s->k[i] *= s->quant[i]; > @@ -345,7 +348,7 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame *frame, > > predictor_init_state(s->k, state, s->n_taps); > if ((ret = intlist_read(s, s->input_samples, samples_per_packet, 1)) < 0) > - return ret; > + goto fail; > > for (int i = 0; i < samples_per_packet; i++) { > for (int j = 0; j < s->down_sampling - 1; j++) { > @@ -390,6 +393,7 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame *frame, > n = get_bits_count(gb) / 8; > > if (n > buf_size) { > +fail: > s->bitstream_size = 0; > s->bitstream_index = 0; > return AVERROR_INVALIDDATA; > -- LGTM thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB When the tyrant has disposed of foreign enemies by conquest or treaty, and there is nothing more to fear from them, then he is always stirring up some war or other, in order that the people may require a leader. -- Plato