bink: Bound check the quantization matrix.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9991298f2c4d9022ad56057f15d037e18d454157)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index f38c030b7c05663f8e4a8e6c8d1df4c1fb102462..47fcc81172f175938ce68c40b9f853a0b4220d95 100644 (file)
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -675,6 +675,9 @@ static int read_dct_coeffs(GetBitContext *gb, int32_t block[64], const uint8_t *
         quant_idx = q;
     }
 
+    if (quant_idx >= 16)
+        return AVERROR_INVALIDDATA;
+
     quant = quant_matrices[quant_idx];
 
     block[0] = (block[0] * quant[0]) >> 11;