Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2021-04-02
Initial Package Version: 1.3.3.
Upstream Status: Applied
Origin: https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
Description: Fixes CVE-2020-0499

diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
index 5e4b59180..3df4d02c0 100644
--- a/src/libFLAC/bitreader.c
+++ b/src/libFLAC/bitreader.c
@@ -869,7 +869,7 @@ FLAC__bool FLAC__bitreader_read_rice_signed_block(FLAC__BitReader *br, int vals[
 			cwords = br->consumed_words;
 			words = br->words;
 			ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
-			b = br->buffer[cwords] << br->consumed_bits;
+			b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
 		} while(cwords >= words && val < end);
 	}