vqavideo: check the version

Prevent out of buffer write. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c4abc9098cacb227dba39bac6aea16b2bceba0d0) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
author: Luca Barbato <lu_zero@gentoo.org> 2013-06-27 03:19:05 +0200
committer: Luca Barbato <lu_zero@gentoo.org> 2013-09-13 15:26:52 +0200
commit: c6942a4b037476ca097036e99bb509b5e5d59128 (patch)
tree: b4436222bc95aeff2a6bbcd5b0f9d3466a395fc9
parent: fe8b5a37d5856769e91c159b83c19578ad316f61 (diff)
download: ffmpeg-c6942a4b037476ca097036e99bb509b5e5d59128.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 4826650a6e..110d8b17d5 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -134,6 +134,17 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx)
 
     /* load up the VQA parameters from the header */
     s->vqa_version = s->avctx->extradata[0];
+    switch (s->vqa_version) {
+    case 1:
+    case 2:
+        break;
+    case 3:
+        av_log_missing_feature(avctx, "VQA Version 3", 0);
+        return AVERROR_PATCHWELCOME;
+    default:
+        av_log_missing_feature(avctx, "VQA Version", 1);
+        return AVERROR_PATCHWELCOME;
+    }
     s->width = AV_RL16(&s->avctx->extradata[6]);
     s->height = AV_RL16(&s->avctx->extradata[8]);
     if(av_image_check_size(s->width, s->height, 0, avctx)){
author	Luca Barbato <lu_zero@gentoo.org>	2013-06-27 03:19:05 +0200
committer	Luca Barbato <lu_zero@gentoo.org>	2013-09-13 15:26:52 +0200
commit	c6942a4b037476ca097036e99bb509b5e5d59128 (patch)
tree	b4436222bc95aeff2a6bbcd5b0f9d3466a395fc9
parent	fe8b5a37d5856769e91c159b83c19578ad316f61 (diff)
download	ffmpeg-c6942a4b037476ca097036e99bb509b5e5d59128.tar.gz