From 2f74f8d7dce2baff3a4401130a8e479c2899fd16 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Nov 2012 00:01:56 +0100 Subject: imc: sanity check scalefactors. This fixes undefined behavior Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/imc.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'libavcodec/imc.c') diff --git a/libavcodec/imc.c b/libavcodec/imc.c index fff4b90ee7..fdf8e2cb28 100644 --- a/libavcodec/imc.c +++ b/libavcodec/imc.c @@ -805,6 +805,13 @@ static int imc_decode_block(AVCodecContext *avctx, IMCContext *q, int ch) imc_decode_level_coefficients2(q, chctx->levlCoeffBuf, chctx->old_floor, chctx->flcoeffs1, chctx->flcoeffs2); + for(i=0; iflcoeffs1[i] > INT_MAX) { + av_log(avctx, AV_LOG_ERROR, "scalefactor out of range\n"); + return AVERROR_INVALIDDATA; + } + } + memcpy(chctx->old_floor, chctx->flcoeffs1, 32 * sizeof(float)); counter = 0; -- cgit v1.2.3
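Review bot: The added test `chctx->flcoeffs1[i] > INT_MAX` still lets two bad values through. A NaN compares false against everything, and INT_MAX is converted to float for the comparison, which typically rounds up to 2^31, so a scalefactor of exactly 2147483648.0f is not rejected. If the undefined behaviour the commit message refers to is a later float-to-int conversion (not visible in this hunk), both values would still reach it; writing the guard in negated form, `if (!(chctx->flcoeffs1[i] < (float)INT_MAX)) {`, rejects them as well. The loop header is truncated on this page and imc_decode_block continues outside the hunk, so the loop bound and the conversion site could not be checked here.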