From 9991298f2c4d9022ad56057f15d037e18d454157 Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Sun, 4 Aug 2013 18:48:20 +0200
Subject: bink: Bound check the quantization matrix.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/bink.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libavcodec/bink.c')

diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index 7ec0cabaed..98a54c6969 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -681,6 +681,9 @@ static int read_dct_coeffs(GetBitContext *gb, int32_t block[64], const uint8_t *
         quant_idx = q;
     }
 
+    if (quant_idx >= 16)
+        return AVERROR_INVALIDDATA;
+
     quant = quant_matrices[quant_idx];
 
     block[0] = (block[0] * quant[0]) >> 11;
-- 
cgit v1.2.3