imc: sanity check scalefactors.
authorMichael Niedermayer <michaelni@gmx.at>
Tue, 13 Nov 2012 23:01:56 +0000 (00:01 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Tue, 13 Nov 2012 23:03:42 +0000 (00:03 +0100)
This fixes undefined behavior

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/imc.c

index fff4b90..fdf8e2c 100644 (file)
@@ -805,6 +805,13 @@ static int imc_decode_block(AVCodecContext *avctx, IMCContext *q, int ch)
         imc_decode_level_coefficients2(q, chctx->levlCoeffBuf, chctx->old_floor,
                                        chctx->flcoeffs1, chctx->flcoeffs2);
 
+    for(i=0; i<BANDS; i++) {
+        if(chctx->flcoeffs1[i] > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "scalefactor out of range\n");
+            return AVERROR_INVALIDDATA;
+        }
+    }
+
     memcpy(chctx->old_floor, chctx->flcoeffs1, 32 * sizeof(float));
 
     counter = 0;