[FFmpeg-cvslog] indeo5: check quant_mat
    Michael Niedermayer 
    git at videolan.org
       
    Sat Jun  9 21:11:47 CEST 2012
    
    
  
ffmpeg | branch: release/0.8 | Michael Niedermayer <michaelni at gmx.at> | Thu May 31 05:01:28 2012 +0200| [03e404740eb13d0483cc0a3e685802fdd79c1bae] | committer: Michael Niedermayer
indeo5: check quant_mat
prevents out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 8aaa00c3012d425ce50efffadb813ad62d1ff3d5)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=03e404740eb13d0483cc0a3e685802fdd79c1bae
---
 libavcodec/indeo5.c |    4 ++++
 1 file changed, 4 insertions(+)
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index 4c6bfd6..eb16726 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -219,6 +219,10 @@ static int decode_gop_header(IVI5DecContext *ctx, AVCodecContext *avctx)
             }
 
             if (band->blk_size == 8) {
+                if(quant_mat >= 5){
+                    av_log(avctx, AV_LOG_ERROR, "quant_mat %d too large!\n", quant_mat);
+                    return -1;
+                }
                 band->intra_base  = &ivi5_base_quant_8x8_intra[quant_mat][0];
                 band->inter_base  = &ivi5_base_quant_8x8_inter[quant_mat][0];
                 band->intra_scale = &ivi5_scale_quant_8x8_intra[quant_mat][0];
    
    
More information about the ffmpeg-cvslog
mailing list