indeo4: fix out-of-bounds function call.

Message ID 20120321180056.C04005E0A0@aruru.libav.org
State New
Headers show

Commit Message

Janne Grunau March 21, 2012, 6 p.m.
Module: libav
Branch: master
Commit: 68fd077f68bdde864bb7328d72a040849c616261

Author:    Ronald S. Bultje <rsbultje@gmail.com>
Committer: Kostya Shishkov <kostya.shishkov@gmail.com>
Date:      Wed Mar 21 10:39:10 2012 -0700

indeo4: fix out-of-bounds function call.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>

---

 libavcodec/indeo4.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

Patch

diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index 573718e..3e8a398 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -372,7 +372,8 @@  static int decode_band_hdr(IVI4DecContext *ctx, IVIBandDesc *band,
 
         if (!get_bits1(&ctx->gb) || ctx->frame_type == FRAMETYPE_INTRA) {
             transform_id = get_bits(&ctx->gb, 5);
-            if (!transforms[transform_id].inv_trans) {
+            if (transform_id >= FF_ARRAY_ELEMS(transforms) ||
+                !transforms[transform_id].inv_trans) {
                 av_log_ask_for_sample(avctx, "Unimplemented transform: %d!\n", transform_id);
                 return AVERROR_PATCHWELCOME;
             }