From e78b0f83748f92ea9e93b21c36082e0dd04d7cb1 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 5 Jun 2019 12:18:54 +0200
Subject: [PATCH] avcodec/bitstream: Check for integer code truncation in
 build_table()

Fixes: out of array read
Fixes: 14563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5646451545210880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bitstream.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/bitstream.c b/libavcodec/bitstream.c
index 8762e5f4b2..590b490527 100644
--- a/libavcodec/bitstream.c
+++ b/libavcodec/bitstream.c
@@ -226,6 +226,10 @@ static int build_table(VLC *vlc, int table_nb_bits, int nb_codes,
             /* note: realloc has been done, so reload tables */
             table = (volatile VLC_TYPE (*)[2])&vlc->table[table_index];
             table[j][0] = index; //code
+            if (table[j][0] != index) {
+                avpriv_request_sample(NULL, "strange codes");
+                return AVERROR_PATCHWELCOME;
+            }
             i = k-1;
         }
     }