From 64c58f143604223fa02ad4f11b40fb128f72aae5 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 2 Mar 2012 18:24:21 +0100
Subject: [PATCH] vc1: mquant is not allowed to be 0

Fixes out of bounds read. Checked against SMPTE 421M-2006
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/vc1dec.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 2d3a94cbbd..6fb6b17ff8 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -1174,6 +1174,10 @@ static void vc1_mc_4mv_chroma4(VC1Context *v)
 mquant = v->pq + mqdiff; \
 else \
 mquant = get_bits(gb, 5); \
+ if (!mquant) { \
+ av_log(v->s.avctx,AV_LOG_ERROR, "zero mquant\n"); \
+ mquant = 1; \
+ } \
 } \
 } \
 if (v->dqprofile == DQPROFILE_SINGLE_EDGE) \
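Review bot: The added guard catches only `mquant == 0`; the `mquant = v->pq + mqdiff` branch directly above it has no upper bound in the visible lines, while the escape branch `get_bits(gb, 5)` can never exceed 31. If the out-of-bounds read named in the commit message comes from using mquant as an index or scale into fixed-size tables (not visible here), an oversized sum should presumably be rejected as well, e.g. `if (!mquant || mquant > 31) { \`, once the ranges of `v->pq` and `mqdiff` are confirmed. Logging the rejected value, `"invalid mquant %d\n", mquant`, would also make a corrupt or crafted stream easier to triage than the fixed string. The lines belong to a backslash-continued macro body that starts and ends outside the hunk, so any other assignments to mquant in it cannot be checked from here.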