libFLAC/bitreader.c: Fix shift invoking undefined behaviour
authorErik de Castro Lopo <erikd@mega-nerd.com>
Sun, 25 Aug 2019 07:24:47 +0000 (17:24 +1000)
committerErik de Castro Lopo <erikd@mega-nerd.com>
Sun, 15 Sep 2019 20:18:07 +0000 (06:18 +1000)
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16458
Testcase: fuzzer_decoder-5649174900506624

src/libFLAC/bitreader.c

index 9050743..62e1199 100644 (file)
@@ -456,7 +456,7 @@ FLAC__bool FLAC__bitreader_read_raw_int32(FLAC__BitReader *br, FLAC__int32 *val,
 {
        FLAC__uint32 uval, mask;
        /* OPT: inline raw uint32 code here, or make into a macro if possible in the .h file */
-       if(!FLAC__bitreader_read_raw_uint32(br, &uval, bits))
+       if (bits < 1 || ! FLAC__bitreader_read_raw_uint32(br, &uval, bits))
                return false;
        /* sign-extend *val assuming it is currently bits wide. */
        /* From: https://graphics.stanford.edu/~seander/bithacks.html#FixedSignExtend */
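Review bot: The new guard on the `if` line rejects only `bits < 1`, so a width above 32 still reaches the sign-extension step, which the following comment says assumes the value is `bits` wide. That code lies outside the hunk, but if it builds the 32-bit `mask` from a shift by `bits - 1`, an over-wide count would presumably be undefined in the same way as the zero case fixed here. Unless FLAC__bitreader_read_raw_uint32 is known to reject such widths in release builds, bound both ends: `if (bits < 1 || bits > 32 || ! FLAC__bitreader_read_raw_uint32(br, &uval, bits))`. The report came from a fuzzer testcase, so `bits` is apparently reachable from stream data, and a comment such as `/* bits == 0 would make the sign-extend shift below undefined; report it as a failed read */` would record why zero is refused. The function body continues past the end of the hunk.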