authorMichael Niedermayer <michael@niedermayer.cc>2017-05-25 16:35:40 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-06-16 01:05:27 +0200
commit8cbe7461b364ef86c31ec56fd903aa6cb6d82c5f (patch)
tree847b39130625f4aa5bdbaa317d0d8de2e29c3823
parentfdba18c0683b8eb194eb26356efc5cbaf0dc406c (diff)
downloadffmpeg-8cbe7461b364ef86c31ec56fd903aa6cb6d82c5f.tar.gz
avcodec/diracdec: Fix off by 1 error in quant check
Fixes: out of array read Fixes: 1781/clusterfuzz-testcase-minimized-4617176877105152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b946bd8ef2c7aeee09469a4901182a44f9b67189) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/diracdec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index f334f313a6..e73b998e92 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -817,7 +817,7 @@ static int decode_hq_slice(DiracContext *s, DiracSlice *slice, uint8_t *tmp_buf)
skip_bits_long(gb, 8*s->highquality.prefix_bytes);
quant_idx = get_bits(gb, 8);
- if (quant_idx > DIRAC_MAX_QUANT_INDEX) {
+ if (quant_idx > DIRAC_MAX_QUANT_INDEX - 1) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid quantization index - %i\n", quant_idx);
return AVERROR_INVALIDDATA;
}
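Review bot: The corrected bound `if (quant_idx > DIRAC_MAX_QUANT_INDEX - 1)` would read more directly as `if (quant_idx >= DIRAC_MAX_QUANT_INDEX)`, which makes it plain that the constant is an element count rather than the largest valid index, the confusion that presumably caused the original off-by-one. A short comment above the check, e.g. `/* quant_idx is later used as a table index; valid range is 0 .. DIRAC_MAX_QUANT_INDEX - 1 */`, would record why the comparison is exclusive; the tables and their sizes are not visible in this hunk, so confirm the wording against their declarations. Since the value comes straight from the bitstream via `get_bits(gb, 8)`, any other place in this file that validates a quantization index against `DIRAC_MAX_QUANT_INDEX` should be checked for the same inclusive comparison. The body of decode_hq_slice starts and ends outside the hunk.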