From 76a886dae364c665ee83d3eac44e28062b687baa Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 11 Feb 2018 03:38:54 +0100
Subject: [PATCH] avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs()

This fixes a hypothetical integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2318aee8ca8df1c84092f7d6691a2d0df02c474)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vp3.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index e46a9e6971..bb4e554dde 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -951,9 +951,11 @@ static int unpack_vlcs(Vp3DecodeContext *s, GetBitContext *gb,
     Vp3Fragment *all_fragments = s->all_fragments;
     VLC_TYPE(*vlc_table)[2] = table->table;
 
-    if (num_coeffs < 0)
+    if (num_coeffs < 0) {
         av_log(s->avctx, AV_LOG_ERROR,
                "Invalid number of coefficients at level %d\n", coeff_index);
+        return AVERROR_INVALIDDATA;
+    }
 
     if (eob_run > num_coeffs) {
         coeff_i      =