X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fsnappy.c;h=f5c4c6578b09debbedcad2b188fe64bd2a2abc18;hb=6c777a6688715b21a15cab2cd87c8379225e53ec;hp=7900b0f978535490425b9b2bb9828a39f96739cb;hpb=29929fc8e2449d2db8bd144b2badc8d1e6347412;p=ffmpeg

diff --git a/libavcodec/snappy.c b/libavcodec/snappy.c
index 7900b0f9785..f5c4c6578b0 100644
--- a/libavcodec/snappy.c
+++ b/libavcodec/snappy.c
@@ -39,6 +39,8 @@ static int64_t bytestream2_get_levarint(GetByteContext *gb)
 
     do {
         tmp = bytestream2_get_byte(gb);
+        if (shift > 31 || ((tmp & 127LL) << shift) > INT_MAX)
+            return AVERROR_INVALIDDATA;
         val |= (tmp & 127) << shift;
         shift += 7;
     } while (tmp & 128);