[FFmpeg-cvslog] Fix out of bound reads in the QDM2 decoder.

Laurent Aimar git at videolan.org
Sun Dec 25 01:22:18 CET 2011


ffmpeg | branch: release/0.5 | Laurent Aimar <fenrir at videolan.org> | Sat Oct  1 00:45:04 2011 +0200| [8abf1d882eee75e9fe2b31f387afaf5ad339f4b3] | committer: Reinhard Tartler

Fix out of bound reads in the QDM2 decoder.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles at gmail.com>
(cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit 0d93d5c4614fafea74bdac681673f5b32eb49063)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8abf1d882eee75e9fe2b31f387afaf5ad339f4b3
---

 libavcodec/qdm2.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 0a21bc8..0a48402 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1378,6 +1378,8 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext *
             return;
 
         local_int_14 = (offset >> local_int_8);
+        if (local_int_14 >= FF_ARRAY_ELEMS(fft_level_index_table))
+            return;
 
         if (q->nb_channels > 1) {
             channel = get_bits1(gb);



More information about the ffmpeg-cvslog mailing list