[FFmpeg-cvslog] qdm2: Check vlc_stage3_values index.

Michael Niedermayer git at videolan.org
Sun Apr 15 17:20:50 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Apr 15 16:17:07 2012 +0200| [1a974679d097e878401cc1a425c3ed612be1581e] | committer: Michael Niedermayer

qdm2: Check vlc_stage3_values index.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1a974679d097e878401cc1a425c3ed612be1581e
---

 libavcodec/qdm2.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 74a138b..0ba457d 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -343,7 +343,14 @@ static int qdm2_get_vlc (GetBitContext *gb, VLC *vlc, int flag, int depth)
 
     /* stage-3, optional */
     if (flag) {
-        int tmp = vlc_stage3_values[value];
+        int tmp;
+
+        if (value >= 60) {
+            av_log(0, AV_LOG_ERROR, "value %d in qdm2_get_vlc too large\n", value);
+            return 0;
+        }
+
+        tmp= vlc_stage3_values[value];
 
         if ((value & ~3) > 0)
             tmp += get_bits (gb, (value >> 2));



More information about the ffmpeg-cvslog mailing list