From dc79685195a45c9b8b17d7b93d118e0aefa45462 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Fri, 12 Jul 2013 14:33:24 +0200 Subject: indeo: Bound-check before applying transform Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/indeo4.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'libavcodec/indeo4.c') diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c index dbf24fac2a..1d68ded3ff 100644 --- a/libavcodec/indeo4.c +++ b/libavcodec/indeo4.c @@ -346,6 +346,13 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band, band->inv_transform = transforms[transform_id].inv_trans; band->dc_transform = transforms[transform_id].dc_trans; band->is_2d_trans = transforms[transform_id].is_2d_trans; + if (transform_id < 10) + band->transform_size = 8; + else + band->transform_size = 4; + + if (band->blk_size != band->transform_size) + return AVERROR_INVALIDDATA; scan_indx = get_bits(&ctx->gb, 4); if (scan_indx == 15) { -- cgit v1.2.3