libFLAC/bitreader.c: Fix out-of-bounds read
authorErik de Castro Lopo <erikd@mega-nerd.com>
Mon, 7 Oct 2019 01:55:58 +0000 (12:55 +1100)
committerErik de Castro Lopo <erikd@mega-nerd.com>
Mon, 7 Oct 2019 19:14:06 +0000 (06:14 +1100)
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
Testcase: fuzzer_decoder-5670265022840832

src/libFLAC/bitreader.c

index 5e4b591..3df4d02 100644 (file)
@@ -869,7 +869,7 @@ incomplete_lsbs:
                        cwords = br->consumed_words;
                        words = br->words;
                        ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
-                       b = br->buffer[cwords] << br->consumed_bits;
+                       b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
                } while(cwords >= words && val < end);
        }
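Review bot: The new guard on the `b = cwords < br->capacity ? … : 0;` line stops the read past `br->buffer`, but it does so by substituting a data value of 0 for a word that does not exist, and nothing in the hunk says why a zero word is safe to hand to the rest of the loop. If the body consumes bits from `b` before the buffer is refilled from the client, a truncated stream would presumably decode as zero bits instead of being rejected, which is worth stating explicitly or ruling out. A comment on that line such as `/* cwords == capacity means the buffer is exhausted; use 0 instead of reading past it — the bits are only valid once the buffer has been refilled */` would record the intent for the next reader (hedged: the refill path is outside this hunk). The `cwords >= words` loop condition still permits the exhausted state to be entered, so the guard is on the hot path and a regression case built from the cited fuzzer input would pin it. The enclosing function begins and ends outside the hunk.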