On Mon, 16 Sep 2013, Martin Storsjö wrote:
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected] --- libavformat/idroqdec.c | 7 +++++++ 1 file changed, 7 insertions(+)diff --git a/libavformat/idroqdec.c b/libavformat/idroqdec.c index eeaafec..82eff24 100644 --- a/libavformat/idroqdec.c +++ b/libavformat/idroqdec.c @@ -142,6 +142,8 @@ static int roq_read_packet(AVFormatContext *s, break; case RoQ_QUAD_CODEBOOK: + if (roq->video_stream_index < 0) + return AVERROR_INVALIDDATA; /* packet needs to contain both this codebook and next VQ chunk */ codebook_offset = avio_tell(pb) - RoQ_CHUNK_PREAMBLE_SIZE; codebook_size = chunk_size; @@ -191,6 +193,11 @@ static int roq_read_packet(AVFormatContext *s, st->codec->block_align = st->codec->channels * st->codec->bits_per_coded_sample; } case RoQ_QUAD_VQ: + if (chunk_type == RoQ_QUAD_VQ) { + if (roq->video_stream_index < 0) + return AVERROR_INVALIDDATA; + } + /* load up the packet */ if (av_new_packet(pkt, chunk_size + RoQ_CHUNK_PREAMBLE_SIZE)) return AVERROR(EIO); -- 1.7.9.4
Ok'd by Luca on irc. // Martin _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
