virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Code Issues Releases Activity

Revert "Merge remote-tracking branch 'qatar/master'" (43dec5ef9a)

Browse Source 
Fixes out of array accesses
Fixes asan_static-oob_eb9812_5961_iv41.avi
This reverts the merge of c9ef6b0932

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This commit is contained in:
Michael Niedermayer 2013-11-25 19:45:43 +01:00
parent a02860351d
commit c3d5cd1ebf
1 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
libavcodec/indeo4.c
View File

@ -284,6 +284,7 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
{
int plane, band_num, indx, transform_id, scan_indx;
int i;
int quant_mat;
plane = get_bits(&ctx->gb, 2);
band_num = get_bits(&ctx->gb, 4);
@ -382,18 +383,17 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
band->scan = scan_index_to_tab[scan_indx];
band->scan_size = band->blk_size;
band->quant_mat = get_bits(&ctx->gb, 5);
if (band->quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) {
if (band->quant_mat == 31)
av_log(avctx, AV_LOG_ERROR,
"Custom quant matrix encountered!\n");
else
avpriv_request_sample(avctx, "Quantization matrix %d",
band->quant_mat);
band->quant_mat = -1;
quant_mat = get_bits(&ctx->gb, 5);
if (quant_mat == 31) {
av_log(avctx, AV_LOG_ERROR, "Custom quant matrix encountered!\n");
return AVERROR_INVALIDDATA;
}
if (quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) {
avpriv_request_sample(avctx, "Quantization matrix %d",
quant_mat);
return AVERROR_INVALIDDATA;
}
band->quant_mat = quant_mat;
} else {
if (old_blk_size != band->blk_size) {
av_log(avctx, AV_LOG_ERROR,
@ -401,10 +401,6 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
"inherited\n");
return AVERROR_INVALIDDATA;
}
if (band->quant_mat < 0) {
av_log(avctx, AV_LOG_ERROR, "Invalid quant_mat inherited\n");
return AVERROR_INVALIDDATA;
}
}
if (quant_index_to_tab[band->quant_mat] > 4 && band->blk_size == 4) {
av_log(avctx, AV_LOG_ERROR, "Invalid quant matrix for 4x4 block encountered!\n");