avcodec/mlp_parser: Check if synccode is within buffer

Fixes: undefined shift
Fixes: 9216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-6281404575907840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c
index 185bd4d667f66284aba7a69ef22a2a0c27901a33..eb3435b6cbafb35d094dd09fd8499cdbed1ba7f1 100644 (file)
--- a/libavcodec/mlp_parser.c
+++ b/libavcodec/mlp_parser.c
@@ -320,7 +320,7 @@ static int mlp_parse(AVCodecParserContext *s,
         mp->bytes_left = 0;
     }
 
-    sync_present = (AV_RB32(buf + 4) & 0xfffffffe) == 0xf8726fba;
+    sync_present = buf_size >= 8 && (AV_RB32(buf + 4) & 0xfffffffe) == 0xf8726fba;
 
     if (!sync_present) {
         /* The first nibble of a frame is a parity check of the 4-byte