# HG changeset patch
# User benoit
# Date 1232962883 0
# Node ID 16b978f64d9e17f7ccc1d5b3a5d4ac0bb5858ecb
# Parent 191860960b235167884c6086bd876692648004fe
Fix an exploit in indeo by checking we are not writing out of the strip array. Fixes issue 655
diff -r 191860960b23 -r 16b978f64d9e indeo3.c
--- a/indeo3.c Mon Jan 26 03:40:48 2009 +0000
+++ b/indeo3.c Mon Jan 26 09:41:23 2009 +0000
@@ -252,6 +252,10 @@
 if(cmd == 0) {
 strip++;
+ if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+ av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+ break;
+ }
 memcpy(strip, strip-1, sizeof(*strip));
 strip->split_flag = 1;
 strip->split_direction = 0;
@@ -259,6 +263,10 @@
 continue;
 } else if(cmd == 1) {
 strip++;
+ if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+ av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+ break;
+ }
 memcpy(strip, strip-1, sizeof(*strip));
 strip->split_flag = 1;
 strip->split_direction = 1;
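Review bot: In both added guards (the `cmd == 0` branch and the identical one under `cmd == 1`) the overflow is only logged at `AV_LOG_WARNING` and handled with a bare `break`, so nothing visible in the hunks tells the caller that the input was malformed. At the `break`, `strip` already points one past the end of `strip_tbl`; that is safe only if nothing after the enclosing loop dereferences it, which cannot be confirmed here because the loop starts and ends outside both hunks. I would log it as `av_log(s->avctx, AV_LOG_ERROR, "out of range strip\n");` and, if the enclosing function is able to report failure, return an error rather than fall out of the loop. Since the check is duplicated verbatim, a comment above the first copy such as `/* each split command pushes a strip; reject input that nests deeper than strip_tbl can hold */` would record why both branches need it.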