From c4abc9098cacb227dba39bac6aea16b2bceba0d0 Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Thu, 27 Jun 2013 03:19:05 +0200
Subject: [PATCH] vqavideo: check the version

Prevent out of buffer write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/vqavideo.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index ed4d8147cbf..98f82ad571f 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -134,6 +134,17 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx)
 
     /* load up the VQA parameters from the header */
     s->vqa_version = s->avctx->extradata[0];
+    switch (s->vqa_version) {
+    case 1:
+    case 2:
+        break;
+    case 3:
+        avpriv_report_missing_feature(avctx, "VQA Version %d", s->vqa_version);
+        return AVERROR_PATCHWELCOME;
+    default:
+        avpriv_request_sample(avctx, "VQA Version %i", s->vqa_version);
+        return AVERROR_PATCHWELCOME;
+    }
     s->width = AV_RL16(&s->avctx->extradata[6]);
     s->height = AV_RL16(&s->avctx->extradata[8]);
     if ((ret = av_image_check_size(s->width, s->height, 0, avctx)) < 0) {
-- 
GitLab