From beefafda639dd53fc59c21d8a7cf8334da9a1062 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Wed, 7 Sep 2011 23:12:32 +0200
Subject: [PATCH] Fixed invalid access in wavpack decoder on corrupted extra
 bits sub-blocks.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavcodec/wavpack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 22fab38..fccafa8 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -385,7 +385,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in
     if(s->extra_bits){
         S <<= s->extra_bits;
 
-        if(s->got_extra_bits){
+        if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){
             S |= get_bits(&s->gb_extra_bits, s->extra_bits);
             *crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16);
         }
-- 
2.7.4