qdm2: check that coding_method is valid before using it.
authorMichael Niedermayer <michaelni@gmx.at>
Fri, 9 Nov 2012 12:13:50 +0000 (13:13 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 9 Nov 2012 12:13:50 +0000 (13:13 +0100)
Fixes out of array reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/qdm2.c

index 1d0fb37..38eca42 100644 (file)
@@ -795,6 +795,11 @@ static int synthfilt_build_sb_samples (QDM2Context *q, GetBitContext *gb, int le
                 for (j = 0; j < 16; j++)
                     sign_bits[j] = get_bits1 (gb);
 
+            if (q->coding_method[0][sb][0] <= 0) {
+                av_log(NULL, AV_LOG_ERROR, "coding method invalid\n");
+                return AVERROR_INVALIDDATA;
+            }
+
             for (j = 0; j < 64; j++)
                 if (q->coding_method[1][sb][j] > q->coding_method[0][sb][j])
                     q->coding_method[0][sb][j] = q->coding_method[1][sb][j];