indeo5: check quant_mat

prevents out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8aaa00c3012d425ce50efffadb813ad62d1ff3d5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-05-31 05:01:28 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2012-06-09 20:45:00 +0200
commit: ece27b09d6f9bc271ed19e37dcc21b7ae4db4291 (patch)
tree: c10be4391115c25b94fec171d8aca460e394dfd8
parent: 479856a3b2a1435f38bbe1c0a4b9d9b6197b4c18 (diff)
download: ffmpeg-ece27b09d6f9bc271ed19e37dcc21b7ae4db4291.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index 8842f221cf..1ddf7c01ea 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -220,6 +220,10 @@ static int decode_gop_header(IVI5DecContext *ctx, AVCodecContext *avctx)
             }
 
             if (band->blk_size == 8) {
+                if(quant_mat >= 5){
+                    av_log(avctx, AV_LOG_ERROR, "quant_mat %d too large!\n", quant_mat);
+                    return -1;
+                }
                 band->intra_base  = &ivi5_base_quant_8x8_intra[quant_mat][0];
                 band->inter_base  = &ivi5_base_quant_8x8_inter[quant_mat][0];
                 band->intra_scale = &ivi5_scale_quant_8x8_intra[quant_mat][0];
author	Michael Niedermayer <michaelni@gmx.at>	2012-05-31 05:01:28 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2012-06-09 20:45:00 +0200
commit	ece27b09d6f9bc271ed19e37dcc21b7ae4db4291 (patch)
tree	c10be4391115c25b94fec171d8aca460e394dfd8
parent	479856a3b2a1435f38bbe1c0a4b9d9b6197b4c18 (diff)
download	ffmpeg-ece27b09d6f9bc271ed19e37dcc21b7ae4db4291.tar.gz