libFLAC/bitreader.c: Fix out-of-bounds read
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
Testcase: fuzzer_decoder-5670265022840832
cherry-picked from upstream commit:
2e7931c27eb15e387da440a37f12437e35b22dd4
Bug: 156076070
Test: POC in bug description
Change-Id: Iafc2b895d75816177729f70feb53aec68e5c2aad
diff --git a/libFLAC/bitreader.c b/libFLAC/bitreader.c
index ab62d41..8969714 100644
--- a/libFLAC/bitreader.c
+++ b/libFLAC/bitreader.c
@@ -859,7 +859,7 @@
cwords = br->consumed_words;
words = br->words;
ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
- b = br->buffer[cwords] << br->consumed_bits;
+ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
} while(cwords >= words && val < end);
}