vqavideo: check the version

Prevent out of buffer write. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c4abc9098cacb227dba39bac6aea16b2bceba0d0) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
author: Luca Barbato <lu_zero@gentoo.org> 2013-06-27 03:19:05 +0200
committer: Luca Barbato <lu_zero@gentoo.org> 2013-08-24 11:28:07 +0200
commit: fb1823e17807294ba0ab89b28f744ba73856009f (patch)
tree: 647f76bc9985060d591c6240f5a8a8202885268c
parent: a747cf8873ee8e4cb229b215fd3356f374488c12 (diff)
download: ffmpeg-fb1823e17807294ba0ab89b28f744ba73856009f.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 841210ce97..b4656b8891 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -135,6 +135,17 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx)
 
     /* load up the VQA parameters from the header */
     s->vqa_version = s->avctx->extradata[0];
+    switch (s->vqa_version) {
+    case 1:
+    case 2:
+        break;
+    case 3:
+        av_log_missing_feature(avctx, "VQA Version 3", 0);
+        return AVERROR_PATCHWELCOME;
+    default:
+        av_log_missing_feature(avctx, "VQA Version", 1);
+        return AVERROR_PATCHWELCOME;
+    }
     s->width = AV_RL16(&s->avctx->extradata[6]);
     s->height = AV_RL16(&s->avctx->extradata[8]);
     if(av_image_check_size(s->width, s->height, 0, avctx)){
author	Luca Barbato <lu_zero@gentoo.org>	2013-06-27 03:19:05 +0200
committer	Luca Barbato <lu_zero@gentoo.org>	2013-08-24 11:28:07 +0200
commit	fb1823e17807294ba0ab89b28f744ba73856009f (patch)
tree	647f76bc9985060d591c6240f5a8a8202885268c
parent	a747cf8873ee8e4cb229b215fd3356f374488c12 (diff)
download	ffmpeg-fb1823e17807294ba0ab89b28f744ba73856009f.tar.gz