From 884efd4e09696b201457feebdef684aee30be99d Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 16 Apr 2012 14:38:40 +0200
Subject: [PATCH] indeo4: avoid storing invalid values in quant_mat.

Fixes a global array overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/indeo4.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index eacf70d52f..45ff6197c5 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -327,6 +327,7 @@ static int decode_band_hdr(IVI4DecContext *ctx, IVIBandDesc *band,
 {
     int plane, band_num, indx, transform_id, scan_indx;
     int i;
+    int quant_mat;
 
     plane    = get_bits(&ctx->gb, 2);
     band_num = get_bits(&ctx->gb, 4);
@@ -408,15 +409,16 @@ static int decode_band_hdr(IVI4DecContext *ctx, IVIBandDesc *band,
             }
             band->scan = scan_index_to_tab[scan_indx];
 
-            band->quant_mat = get_bits(&ctx->gb, 5);
-            if (band->quant_mat == 31) {
+            quant_mat = get_bits(&ctx->gb, 5);
+            if (quant_mat == 31) {
                 av_log(avctx, AV_LOG_ERROR, "Custom quant matrix encountered!\n");
                 return AVERROR_INVALIDDATA;
             }
-            if (band->quant_mat > 21) {
+            if (quant_mat > 21) {
                 av_log(avctx, AV_LOG_ERROR, "Invalid quant matrix encountered!\n");
                 return AVERROR_INVALIDDATA;
             }
+            band->quant_mat = quant_mat;
         }
 
         /* decode block huffman codebook */