[FFmpeg-cvslog] bink: Bound check the quantization matrix.
Luca Barbato
git at videolan.org
Tue Aug 27 19:23:48 CEST 2013
ffmpeg | branch: release/1.1 | Luca Barbato <lu_zero at gentoo.org> | Sun Aug 4 18:48:20 2013 +0200| [c5ba226c1b0b76c1e7fad17a1448b793240671f6] | committer: Luca Barbato
bink: Bound check the quantization matrix.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 9991298f2c4d9022ad56057f15d037e18d454157)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c5ba226c1b0b76c1e7fad17a1448b793240671f6
---
libavcodec/bink.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index 059601d..c637f4e 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -677,6 +677,9 @@ static int read_dct_coeffs(GetBitContext *gb, int32_t block[64], const uint8_t *
quant_idx = q;
}
+ if (quant_idx >= 16)
+ return AVERROR_INVALIDDATA;
+
quant = quant_matrices[quant_idx];
block[0] = (block[0] * quant[0]) >> 11;
More information about the ffmpeg-cvslog
mailing list