avcodec/ituh263dec: Fix runtime error: left shift of 1342177279 by 1 places cannot...

Fixes: 659/clusterfuzz-testcase-5866673603084288

Huge DMV could be created by an encoder ignoring the spec

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
index 9a2c8e6..09b6a2f 100644 (file)
--- a/libavcodec/ituh263dec.c
+++ b/libavcodec/ituh263dec.c
@@ -303,6 +303,10 @@ static int h263p_decode_umotion(MpegEncContext * s, int pred)
    {
       code <<= 1;
       code += get_bits1(&s->gb);
+      if (code >= 32768) {
+          avpriv_request_sample(s->avctx, "Huge DMV");
+          return AVERROR_INVALIDDATA;
+      }
    }
    sign = code & 1;
    code >>= 1;