From e6dc9c6f99a886bee0399dfe47c2b0f5afff80e5 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 16 Feb 2004 03:34:11 +0000
Subject: [PATCH] more error checks for the sequence header

Originally committed as revision 2788 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/mpeg12.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c
index 0e47048d445..72f815cc146 100644
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -2373,6 +2373,10 @@ static int mpeg1_decode_sequence(AVCodecContext *avctx,
     if (get_bits1(&s->gb)) {
         for(i=0;i<64;i++) {
             v = get_bits(&s->gb, 8);
+            if(v==0){
+                av_log(s->avctx, AV_LOG_ERROR, "intra matrix damaged\n");
+                return -1;
+            }
             j = s->intra_scantable.permutated[i];
             s->intra_matrix[j] = v;
             s->chroma_intra_matrix[j] = v;
@@ -2394,6 +2398,10 @@ static int mpeg1_decode_sequence(AVCodecContext *avctx,
     if (get_bits1(&s->gb)) {
         for(i=0;i<64;i++) {
             v = get_bits(&s->gb, 8);
+            if(v==0){
+                av_log(s->avctx, AV_LOG_ERROR, "inter matrix damaged\n");
+                return -1;
+            }
             j = s->intra_scantable.permutated[i];
             s->inter_matrix[j] = v;
             s->chroma_inter_matrix[j] = v;
@@ -2412,6 +2420,11 @@ static int mpeg1_decode_sequence(AVCodecContext *avctx,
             s->chroma_inter_matrix[j] = v;
         }
     }
+    
+    if(show_bits(&s->gb, 23) != 0){
+        av_log(s->avctx, AV_LOG_ERROR, "sequence header damaged\n");
+        return -1;
+    }
 
     /* we set mpeg2 parameters so that it emulates mpeg1 */
     s->progressive_sequence = 1;
-- 
GitLab