From b648b246f07a4b041dcefd7309af407c1b74862a Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Tue, 22 Dec 2015 19:44:00 +0100
Subject: diracdec: add missing check for pixel_range_index

This fixes an out-of-bounds read introduced in commit 0379603.

Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/dirac.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libavcodec/dirac.c')

diff --git a/libavcodec/dirac.c b/libavcodec/dirac.c
index 33cc96098c..faf5534e88 100644
--- a/libavcodec/dirac.c
+++ b/libavcodec/dirac.c
@@ -262,6 +262,9 @@ static int parse_source_parameters(AVDiracSeqHeader *dsh, GetBitContext *gb,
 
     dsh->bit_depth = luma_depth;
 
+    if (dsh->pixel_range_index < 2U)
+        return AVERROR_INVALIDDATA;
+
     dsh->pix_fmt = dirac_pix_fmt[dsh->chroma_format][dsh->pixel_range_index-2];
     avcodec_get_chroma_sub_sample(dsh->pix_fmt, &chroma_x_shift, &chroma_y_shift);
     if ((dsh->width % (1<<chroma_x_shift)) || (dsh->height % (1<<chroma_y_shift))) {
-- 
cgit v1.2.3