indeo: Bound-check before applying transform

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
author: Luca Barbato <lu_zero@gentoo.org> 2013-07-12 14:33:24 +0200
committer: Luca Barbato <lu_zero@gentoo.org> 2013-07-13 19:11:18 +0200
commit: dc79685195a45c9b8b17d7b93d118e0aefa45462 (patch)
tree: 1188ab3efacb8406d84ff847f2abede26162d0cb /libavcodec/indeo4.c
parent: cd78e934c246d1b2510f8fba0abfe40bb75795f6 (diff)
download: ffmpeg-dc79685195a45c9b8b17d7b93d118e0aefa45462.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index dbf24fac2a..1d68ded3ff 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -346,6 +346,13 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
             band->inv_transform = transforms[transform_id].inv_trans;
             band->dc_transform  = transforms[transform_id].dc_trans;
             band->is_2d_trans   = transforms[transform_id].is_2d_trans;
+            if (transform_id < 10)
+                band->transform_size = 8;
+            else
+                band->transform_size = 4;
+
+            if (band->blk_size != band->transform_size)
+                return AVERROR_INVALIDDATA;
 
             scan_indx = get_bits(&ctx->gb, 4);
             if (scan_indx == 15) {
author	Luca Barbato <lu_zero@gentoo.org>	2013-07-12 14:33:24 +0200
committer	Luca Barbato <lu_zero@gentoo.org>	2013-07-13 19:11:18 +0200
commit	dc79685195a45c9b8b17d7b93d118e0aefa45462 (patch)
tree	1188ab3efacb8406d84ff847f2abede26162d0cb /libavcodec/indeo4.c
parent	cd78e934c246d1b2510f8fba0abfe40bb75795f6 (diff)
download	ffmpeg-dc79685195a45c9b8b17d7b93d118e0aefa45462.tar.gz