avcodec/hcadec: Check scale_factors

Fixes: out of array read
Fixes: 21286/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5683183715876864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/hcadec.c b/libavcodec/hcadec.c
index 4e3f589579c85c2b7533dafd23128cab649d8425..f25d6c39b66b3e1a60b9f4a88e83fea72ed2e45c 100644 (file)
--- a/libavcodec/hcadec.c
+++ b/libavcodec/hcadec.c
@@ -345,6 +345,7 @@ static void unpack(HCAContext *c, ChannelContext *ch,
             } else {
                 factor += delta - half_max;
             }
+            factor = av_clip_uintp2(factor, 6);
 
             ch->scale_factors[i] = factor;
         }