X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fcavsdec.c;h=c7fff67c06c660ce31e11b7d3aea8cf8b5b725a7;hb=4cfb01d6ae545cec4a507113a6cbcf3b6e727e94;hp=06c752735eceff846b5b33d2a74b0d07315764f4;hpb=77eba7bd99355fc37a2bfc9d0224218f4022762c;p=ffmpeg

diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index 06c752735ec..c7fff67c06c 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -1067,6 +1067,11 @@ static int decode_pic(AVSContext *h)
     if (!h->loop_filter_disable && get_bits1(&h->gb)) {
         h->alpha_offset        = get_se_golomb(&h->gb);
         h->beta_offset         = get_se_golomb(&h->gb);
+        if (   h->alpha_offset < -64 || h->alpha_offset > 64
+            || h-> beta_offset < -64 || h-> beta_offset > 64) {
+            h->alpha_offset = h->beta_offset  = 0;
+            return AVERROR_INVALIDDATA;
+        }
     } else {
         h->alpha_offset = h->beta_offset  = 0;
     }