From cd78e934c246d1b2510f8fba0abfe40bb75795f6 Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Fri, 12 Jul 2013 18:10:05 +0200
Subject: indeo4: Validate scantable dimension

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/indeo4.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'libavcodec/indeo4.c')

diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index f1ef02a74c..dbf24fac2a 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -352,6 +352,12 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
                 av_log(avctx, AV_LOG_ERROR, "Custom scan pattern encountered!\n");
                 return AVERROR_INVALIDDATA;
             }
+            if (scan_indx > 4 && scan_indx < 10) {
+                if (band->blk_size != 4)
+                    return AVERROR_INVALIDDATA;
+            } else if (band->blk_size != 8)
+                return AVERROR_INVALIDDATA;
+
             band->scan = scan_index_to_tab[scan_indx];
 
             band->quant_mat = get_bits(&ctx->gb, 5);
-- 
cgit v1.2.3