X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fsnappy.c;h=f5c4c6578b09debbedcad2b188fe64bd2a2abc18;hb=e847cabb60a29c354512664022ad6833a907bf1b;hp=7900b0f978535490425b9b2bb9828a39f96739cb;hpb=f4cf6ba8c9646814af842a99335c6ee312ded299;p=ffmpeg

diff --git a/libavcodec/snappy.c b/libavcodec/snappy.c
index 7900b0f9785..f5c4c6578b0 100644
--- a/libavcodec/snappy.c
+++ b/libavcodec/snappy.c
@@ -39,6 +39,8 @@ static int64_t bytestream2_get_levarint(GetByteContext *gb)
 
     do {
         tmp = bytestream2_get_byte(gb);
+        if (shift > 31 || ((tmp & 127LL) << shift) > INT_MAX)
+            return AVERROR_INVALIDDATA;
         val |= (tmp & 127) << shift;
         shift += 7;
     } while (tmp & 128);