1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

indeo4: avoid storing invalid values in quant_mat.

Fixes a global array overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-04-16 14:38:40 +02:00
parent 474e31c904
commit 884efd4e09

View File

@ -327,6 +327,7 @@ static int decode_band_hdr(IVI4DecContext *ctx, IVIBandDesc *band,
{
int plane, band_num, indx, transform_id, scan_indx;
int i;
int quant_mat;
plane = get_bits(&ctx->gb, 2);
band_num = get_bits(&ctx->gb, 4);
@ -408,15 +409,16 @@ static int decode_band_hdr(IVI4DecContext *ctx, IVIBandDesc *band,
}
band->scan = scan_index_to_tab[scan_indx];
band->quant_mat = get_bits(&ctx->gb, 5);
if (band->quant_mat == 31) {
quant_mat = get_bits(&ctx->gb, 5);
if (quant_mat == 31) {
av_log(avctx, AV_LOG_ERROR, "Custom quant matrix encountered!\n");
return AVERROR_INVALIDDATA;
}
if (band->quant_mat > 21) {
if (quant_mat > 21) {
av_log(avctx, AV_LOG_ERROR, "Invalid quant matrix encountered!\n");
return AVERROR_INVALIDDATA;
}
band->quant_mat = quant_mat;
}
/* decode block huffman codebook */