Fix out of bound reads in the QDM2 decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 0d93d5c4614fafea74bdac681673f5b32eb49063) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
author: Laurent Aimar <fenrir@videolan.org> 2011-10-01 00:45:04 +0200
committer: Reinhard Tartler <siretart@tauware.de> 2011-12-24 16:07:49 +0100
commit: 8abf1d882eee75e9fe2b31f387afaf5ad339f4b3 (patch)
tree: fee63a089521fcc89aff611264a046282b02edfa
parent: 1a5309540663a844080e9eec09477ea909a50efe (diff)
download: ffmpeg-8abf1d882eee75e9fe2b31f387afaf5ad339f4b3.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 0a21bc8b81..0a4840242f 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1378,6 +1378,8 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext *
             return;
 
         local_int_14 = (offset >> local_int_8);
+        if (local_int_14 >= FF_ARRAY_ELEMS(fft_level_index_table))
+            return;
 
         if (q->nb_channels > 1) {
             channel = get_bits1(gb);
author	Laurent Aimar <fenrir@videolan.org>	2011-10-01 00:45:04 +0200
committer	Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:07:49 +0100
commit	8abf1d882eee75e9fe2b31f387afaf5ad339f4b3 (patch)
tree	fee63a089521fcc89aff611264a046282b02edfa
parent	1a5309540663a844080e9eec09477ea909a50efe (diff)
download	ffmpeg-8abf1d882eee75e9fe2b31f387afaf5ad339f4b3.tar.gz