From 6e52c5e191f302d73189c7d207ad397f73d012e7 Mon Sep 17 00:00:00 2001
From: Debian Multimedia Maintainers
Date: Thu, 5 Dec 2019 16:27:00 +0000
Subject: [PATCH] CVE-2019-14443
commit 8937230719ad7039ff908793f3bb2111e26e4edc
Author: Michael Niedermayer
Date: Thu May 2 16:45:06 2013 +0200
ape_decode_value_3900: check tmpk Fixes division by 0
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
Gbp-Pq: Name CVE-2019-14443.patch
---
 libavcodec/apedec.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 131c6f3..1f91e67 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -541,9 +541,13 @@ static inline int ape_decode_value_3900(APEContext *ctx, APERice *rice)
 } else tmpk = (rice->k < 1) ? 0 : rice->k - 1;
- if (tmpk <= 16 || ctx->fileversion < 3910)
+ if (tmpk <= 16 || ctx->fileversion < 3910) {
+ if (tmpk > 23) {
+ av_log(ctx->avctx, AV_LOG_ERROR, "Too many bits: %d\n", tmpk);
+ return AVERROR_INVALIDDATA;
+ }
 x = range_decode_bits(ctx, tmpk);
- else if (tmpk <= 32) {
+ } else if (tmpk <= 32) {
 x = range_decode_bits(ctx, 16);
 x |= (range_decode_bits(ctx, tmpk - 16) << 16);
 } else {
--
2.30.2
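Review bot: The added `if (tmpk > 23)` guard uses a bare literal with no explanation of why 23 is the limit, so a later edit could loosen it and bring back the division by zero the commit message mentions. I would add a comment above it such as `/* one range_decode_bits() call is only safe for up to 23 bits; larger counts from a crafted file caused a division by zero */`, or name the bound with a constant. Separately, the new `return AVERROR_INVALIDDATA;` sits in a function declared to return `int`, which presumably also carries the decoded value. Its callers are outside this hunk, so it is worth confirming they test for a negative error code instead of storing it as sample data. The body of `ape_decode_value_3900` begins and ends outside the hunk, so neither the declaration of `tmpk` nor the final return path is visible here.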