[FFmpeg-cvslog] dv: Fix small overread in audio frequency table.

[Alex Converse]

ffmpeg | branch: master | Alex Converse <alex.converse at gmail.com> | Thu Feb  9 17:11:55 2012 -0800| [0ab3687924457cb4fd81897bd39ab3cc5b699588] | committer: Alex Converse

dv: Fix small overread in audio frequency table.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ab3687924457cb4fd81897bd39ab3cc5b699588
---

 libavformat/dv.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/libavformat/dv.c b/libavformat/dv.c
index 5be6118..0201a80 100644
--- a/libavformat/dv.c
+++ b/libavformat/dv.c
@@ -121,6 +121,9 @@ static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4],
     if (quant > 1)
         return -1; /* unsupported quantization */
 
+    if (freq >= FF_ARRAY_ELEMS(dv_audio_frequency))
+        return AVERROR_INVALIDDATA;
+
     size = (sys->audio_min_samples[freq] + smpls) * 4; /* 2ch, 2bytes */
     half_ch = sys->difseg_size / 2;
 
@@ -203,6 +206,12 @@ static int dv_extract_audio_info(DVDemuxContext* c, uint8_t* frame)
     stype = (as_pack[3] & 0x1f);      /* 0 - 2CH, 2 - 4CH, 3 - 8CH */
     quant =  as_pack[4] & 0x07;       /* 0 - 16bit linear, 1 - 12bit nonlinear */
 
+    if (freq >= FF_ARRAY_ELEMS(dv_audio_frequency)) {
+        av_log(c->fctx, AV_LOG_ERROR,
+               "Unrecognized audio sample rate index (%d)\n", freq);
+        return 0;
+    }
+
     if (stype > 3) {
         av_log(c->fctx, AV_LOG_ERROR, "stype %d is invalid\n", stype);
         c->ach = 0;