[FFmpeg-cvslog] xan: Check for out of bound reads in xan_huffman_decode()

[Laurent Aimar]

ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Thu Sep 29 20:38:01 2011 +0000| [49007b494eaf7727e445a62a4eb040b080a91f00] | committer: Reinhard Tartler

xan: Check for out of bound reads in xan_huffman_decode()

Signed-off-by: Janne Grunau <janne-libav at jannau.net>
(cherry picked from commit 3db3fdf4c669aed9379be430c17f151d4d0697c5)

Signed-off-by: Anton Khirnov <anton at khirnov.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=49007b494eaf7727e445a62a4eb040b080a91f00
---

 libavcodec/xan.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index 26c6db5..2b3a409 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -112,7 +112,10 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len,
     init_get_bits(&gb, ptr, ptr_len * 8);
 
     while ( val != 0x16 ) {
-        val = src[val - 0x17 + get_bits1(&gb) * byte];
+        unsigned idx = val - 0x17 + get_bits1(&gb) * byte;
+        if (idx >= 2 * byte)
+            return -1;
+        val = src[idx];
 
         if ( val < 0x16 ) {
             if (dest >= dest_end)