[FFmpeg-cvslog] Check for out of bound reads in xan_huffman_decode() of the xan decoder.

Laurent Aimar git at videolan.org
Thu Sep 29 23:38:01 CEST 2011


ffmpeg | branch: master | Laurent Aimar <fenrir at videolan.org> | Wed Sep 28 00:45:54 2011 +0200| [c8b835954ae4aef797112afda3b52f8dfe3c7b74] | committer: Michael Niedermayer

Check for out of bound reads in xan_huffman_decode() of the xan decoder.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8b835954ae4aef797112afda3b52f8dfe3c7b74
---

 libavcodec/xan.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index fe11ac3..21b5302 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -114,7 +114,10 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len,
     init_get_bits(&gb, ptr, ptr_len * 8);
 
     while ( val != 0x16 ) {
-        val = src[val - 0x17 + get_bits1(&gb) * byte];
+        unsigned idx = val - 0x17 + get_bits1(&gb) * byte;
+        if (idx >= 2 * byte)
+            return -1;
+        val = src[idx];
 
         if ( val < 0x16 ) {
             if (dest >= dest_end)
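
Review bot: The `get_bits1(&gb)` call on the new `unsigned idx = ...` line is still made with no check that bits remain in the reader set up by `init_get_bits(&gb, ptr, ptr_len * 8)`, so the new `idx >= 2 * byte` test bounds the table read but nothing in these lines stops the `while ( val != 0x16 )` loop from consuming bits past `ptr_len * 8`. Consider testing `get_bits_left(&gb) < 1` before computing `idx` and returning an error there as well. Two smaller points: the check relies on `idx` being unsigned so that a `val` below 0x17 wraps to a large value and is rejected, which deserves a one-line comment so a later type change does not silently drop that case; and the bound is only as good as `byte`, since nothing in this hunk shows that `src` really holds `2 * byte` entries inside the source buffer, so that should be validated where `byte` is set.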


