From c3d5cd1ebfba8fe36a0da7fad47df7fdf9c4ccd0 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 25 Nov 2013 19:45:43 +0100
Subject: [PATCH] Revert "Merge remote-tracking branch 'qatar/master'"
 (43dec5ef9a360c9ffac3278f464832bd99af0cb0)

Fixes out of array accesses
Fixes asan_static-oob_eb9812_5961_iv41.avi
This reverts the merge of c9ef6b09326a24010bf86d6b0d19cfa42df4d546

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
---
 libavcodec/indeo4.c | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index df878c59058..0774f82ce5d 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -284,6 +284,7 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
 {
     int plane, band_num, indx, transform_id, scan_indx;
     int i;
+    int quant_mat;
 
     plane    = get_bits(&ctx->gb, 2);
     band_num = get_bits(&ctx->gb, 4);
@@ -382,18 +383,17 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
             band->scan = scan_index_to_tab[scan_indx];
             band->scan_size = band->blk_size;
 
-            band->quant_mat = get_bits(&ctx->gb, 5);
-            if (band->quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) {
-
-                if (band->quant_mat == 31)
-                    av_log(avctx, AV_LOG_ERROR,
-                           "Custom quant matrix encountered!\n");
-                else
-                    avpriv_request_sample(avctx, "Quantization matrix %d",
-                                          band->quant_mat);
-                band->quant_mat = -1;
+            quant_mat = get_bits(&ctx->gb, 5);
+            if (quant_mat == 31) {
+                av_log(avctx, AV_LOG_ERROR, "Custom quant matrix encountered!\n");
+                return AVERROR_INVALIDDATA;
+            }
+            if (quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) {
+                avpriv_request_sample(avctx, "Quantization matrix %d",
+                                      quant_mat);
                 return AVERROR_INVALIDDATA;
             }
+            band->quant_mat = quant_mat;
         } else {
             if (old_blk_size != band->blk_size) {
                 av_log(avctx, AV_LOG_ERROR,
@@ -401,10 +401,6 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
                        "inherited\n");
                 return AVERROR_INVALIDDATA;
             }
-            if (band->quant_mat < 0) {
-                av_log(avctx, AV_LOG_ERROR, "Invalid quant_mat inherited\n");
-                return AVERROR_INVALIDDATA;
-            }
         }
         if (quant_index_to_tab[band->quant_mat] > 4 && band->blk_size == 4) {
             av_log(avctx, AV_LOG_ERROR, "Invalid quant matrix for 4x4 block encountered!\n");
-- 
GitLab