libFLAC/bitreader.c: Fix out-of-bounds read Credit: Oss-Fuzz Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069 Testcase: fuzzer_decoder-5670265022840832 cherry-picked from upstream commit: 2e7931c27eb15e387da440a37f12437e35b22dd4 Bug: 156076070 Test: POC in bug description Change-Id: Iafc2b895d75816177729f70feb53aec68e5c2aad

commit: 029048f823ced50f63a92e25073427ec3a9bd909 [log] [tgz]
author: Erik de Castro Lopo <erikd@mega-nerd.com> Mon Oct 07 12:55:58 2019 +1100
committer: Ray Essick <essick@google.com> Wed Jul 29 10:03:27 2020 -0700
tree: 61c9b773e1cb80b5cb6a16aa0df177f6ce65a69a
parent: 5d82bd34ea73d8ef50d561e95efeddd4632b1650 [diff]
diff --git a/libFLAC/bitreader.c b/libFLAC/bitreader.c
index ab62d41..8969714 100644
--- a/libFLAC/bitreader.c
+++ b/libFLAC/bitreader.c

@@ -859,7 +859,7 @@
 			cwords = br->consumed_words;
 			words = br->words;
 			ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
-			b = br->buffer[cwords] << br->consumed_bits;
+			b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
 		} while(cwords >= words && val < end);
 	}
commit	029048f823ced50f63a92e25073427ec3a9bd909	[log] [tgz]
author	Erik de Castro Lopo <erikd@mega-nerd.com>	Mon Oct 07 12:55:58 2019 +1100
committer	Ray Essick <essick@google.com>	Wed Jul 29 10:03:27 2020 -0700
tree	61c9b773e1cb80b5cb6a16aa0df177f6ce65a69a
parent	5d82bd34ea73d8ef50d561e95efeddd4632b1650 [diff]