From b56388541bc46488c85f8d648e202686bddba1f9 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 20 Oct 2019 23:02:27 +0200
Subject: [PATCH] avcodec/rawdec: Check bits_per_coded_sample more pedantically
 for 16bit cases

Fixes: shift exponent -14 is negative
Fixes: 18335/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RAWVIDEO_fuzzer-5723267192586240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5634e2052533fcce46f20c2720b0c8d5f55143ce)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/rawdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
index 53f5b76e93..0b2d8708e6 100644
--- a/libavcodec/rawdec.c
+++ b/libavcodec/rawdec.c
@@ -223,7 +223,7 @@ static int raw_decode(AVCodecContext *avctx, void *data, int *got_frame,
                                                            FFALIGN(avctx->width, 16),
                                                            avctx->height, 1);
     } else {
-        context->is_lt_16bpp = av_get_bits_per_pixel(desc) == 16 && avctx->bits_per_coded_sample && avctx->bits_per_coded_sample < 16;
+        context->is_lt_16bpp = av_get_bits_per_pixel(desc) == 16 && avctx->bits_per_coded_sample > 8 && avctx->bits_per_coded_sample < 16;
         context->frame_size = av_image_get_buffer_size(avctx->pix_fmt, avctx->width,
                                                        avctx->height, 1);
     }