From 998fc04bcfeeaa2b0885ee84e37bcd345797981a Mon Sep 17 00:00:00 2001
From: Justin Ruggles <justin.ruggles@gmail.com>
Date: Tue, 11 Oct 2011 13:17:44 -0400
Subject: [PATCH] apedec: use unsigned int for 'nblocks' and make sure that
 it's within int range

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/apedec.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 4c2d238b16..260ef2efa0 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -802,7 +802,7 @@ static int ape_decode_frame(AVCodecContext * avctx,
     int buf_size = avpkt->size;
     APEContext *s = avctx->priv_data;
     int16_t *samples = data;
-    int nblocks;
+    uint32_t nblocks;
     int i, n;
     int blockstodecode;
     int bytes_used;
@@ -838,9 +838,10 @@ static int ape_decode_frame(AVCodecContext * avctx,
 
         s->currentframeblocks = nblocks;
         buf += 4;
-        if (s->samples <= 0) {
+        if (!nblocks || nblocks > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks);
             *data_size = 0;
-            return buf_size;
+            return AVERROR_INVALIDDATA;
         }
 
         memset(s->decoded0,  0, sizeof(s->decoded0));