[FFmpeg-cvslog] ivi_common: check that scan pattern is set before using it.

Thu Jan 17 03:09:31 CET 2013

ffmpeg | branch: release/0.8 | Anton Khirnov <anton at khirnov.net> | Thu Dec 13 19:38:20 2012 +0100| [9f8071245491b7060fac823b8060e06e14ca403b] | committer: Reinhard Tartler

ivi_common: check that scan pattern is set before using it.

Fixes CVE-2012-2791.

CC: libav-stable at libav.org

(cherry picked from commit deabb52ab4c1fdb3dd319f3980b1489a182011f1)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f8071245491b7060fac823b8060e06e14ca403b
---

 libavcodec/ivi_common.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c
index 22af3a7..f55371c 100644
--- a/libavcodec/ivi_common.c
+++ b/libavcodec/ivi_common.c
@@ -410,6 +410,11 @@ int ff_ivi_decode_blocks(GetBitContext *gb, IVIBandDesc *band, IVITile *tile)
             }
 
             if (cbp & 1) { /* block coded ? */
+                if (!band->scan) {
+                    av_log(NULL, AV_LOG_ERROR, "Scan pattern is not set.\n");
+                    return AVERROR_INVALIDDATA;
+                }
+
                 scan_pos = -1;
                 memset(trvec, 0, num_coeffs*sizeof(trvec[0])); /* zero transform vector */
                 memset(col_flags, 0, sizeof(col_flags));      /* zero column flags */

