From 68fd077f68bdde864bb7328d72a040849c616261 Mon Sep 17 00:00:00 2001
From: "Ronald S. Bultje" <rsbultje@gmail.com>
Date: Wed, 21 Mar 2012 10:39:10 -0700
Subject: indeo4: fix out-of-bounds function call.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
---
 libavcodec/indeo4.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'libavcodec/indeo4.c')

diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index 573718e374..3e8a3988d6 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -372,7 +372,8 @@ static int decode_band_hdr(IVI4DecContext *ctx, IVIBandDesc *band,
 
         if (!get_bits1(&ctx->gb) || ctx->frame_type == FRAMETYPE_INTRA) {
             transform_id = get_bits(&ctx->gb, 5);
-            if (!transforms[transform_id].inv_trans) {
+            if (transform_id >= FF_ARRAY_ELEMS(transforms) ||
+                !transforms[transform_id].inv_trans) {
                 av_log_ask_for_sample(avctx, "Unimplemented transform: %d!\n", transform_id);
                 return AVERROR_PATCHWELCOME;
             }
-- 
cgit v1.2.3