From e59c28b16660b8f86ef05c7f0db4db89e62ed55f Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 18 Dec 2014 16:09:31 +0100
Subject: [PATCH] avcodec/adpcm: Check idelta

Fixes integer overflow
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/adpcm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index 2f95a6ff45..7785a7a6dc 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -246,6 +246,10 @@ static inline short adpcm_ms_expand_nibble(ADPCMChannelStatus *c, int nibble)
 c->sample1 = av_clip_int16(predictor);
 c->idelta = (ff_adpcm_AdaptationTable[(int)nibble] * c->idelta) >> 8;
 if (c->idelta < 16) c->idelta = 16;
+ if (c->idelta > INT_MAX/768) {
+ av_log(NULL, AV_LOG_WARNING, "idelta overflow\n");
+ c->idelta = INT_MAX/768;
+ }
 
 return c->sample1;
 }
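Review bot: The added `av_log(NULL, AV_LOG_WARNING, "idelta overflow\n")` sits in the per-nibble expand path, so input that keeps `c->idelta` at the cap can produce one warning per decoded nibble, and with a NULL context the message cannot be tied to a decoder instance or stream. Since the function only receives `ADPCMChannelStatus *c`, it would be safer to clamp silently here and let the caller, which presumably has a codec context, report the condition once. The bound `INT_MAX/768` is also unexplained; presumably 768 is the largest entry of `ff_adpcm_AdaptationTable`, in which case a comment such as `/* keep the next ff_adpcm_AdaptationTable[] * idelta product within int */` above the check would make the invariant clear. The function's body starts above the hunk, so the predictor arithmetic that also uses `c->idelta` is not visible here.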