indeo4: Validate scantable dimension
authorLuca Barbato <lu_zero@gentoo.org>
Fri, 12 Jul 2013 16:10:05 +0000 (18:10 +0200)
committerLuca Barbato <lu_zero@gentoo.org>
Sat, 24 Aug 2013 10:09:02 +0000 (12:09 +0200)
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd78e934c246d1b2510f8fba0abfe40bb75795f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
libavcodec/indeo4.c

index 0f32ab9..8d00e7f 100644 (file)
@@ -353,6 +353,12 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
                 av_log(avctx, AV_LOG_ERROR, "Custom scan pattern encountered!\n");
                 return AVERROR_INVALIDDATA;
             }
+            if (scan_indx > 4 && scan_indx < 10) {
+                if (band->blk_size != 4)
+                    return AVERROR_INVALIDDATA;
+            } else if (band->blk_size != 8)
+                return AVERROR_INVALIDDATA;
+
             band->scan = scan_index_to_tab[scan_indx];
 
             band->quant_mat = get_bits(&ctx->gb, 5);
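Review bot: Both new `return AVERROR_INVALIDDATA;` paths fail silently, while the custom-scan check just above logs before returning; a line such as `av_log(avctx, AV_LOG_ERROR, "Scan table does not match block size!\n");` (message text constructed here) would let this rejection be told apart from other invalid-data errors when triaging malformed or crafted streams. The bounds in `scan_indx > 4 && scan_indx < 10` hard-code which entries of `scan_index_to_tab` are 4x4 tables, and that table is outside the hunk, so a comment like `/* entries 5..9 of scan_index_to_tab are 4x4 scans, all others 8x8 */` should be added only after confirming it against the table. The guard also runs only where `scan_indx` is parsed. If `band->blk_size` can change in a band header that skips this branch (not visible here), the previously stored `band->scan` would be kept without being re-checked against the new block size, so that path is worth verifying. `decode_band_hdr` starts and ends outside the hunk.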