vc1: mquant is not allowed to be 0

Fixes out of bounds read. Checked against SMPTE 421M-2006 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-03-02 21:24:21 +0400
committer: Michael Niedermayer <michaelni@gmx.at> 2012-03-02 21:40:42 +0400
commit: 64c58f143604223fa02ad4f11b40fb128f72aae5 (patch)
tree: 25bff35baae580baaa8807347a7f686cf3ada35a /libavcodec/vc1dec.c
parent: e93d911e483ffcf3da3dd2cbac2895fa061d2f58 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 2d3a94cbbd..6fb6b17ff8 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -1174,6 +1174,10 @@ static void vc1_mc_4mv_chroma4(VC1Context *v)
                     mquant = v->pq + mqdiff;                   \
                 else                                           \
                     mquant = get_bits(gb, 5);                  \
+                if (!mquant) {                                 \
+                    av_log(v->s.avctx,AV_LOG_ERROR, "zero mquant\n");   \
+                    mquant = 1;                                \
+                }                                              \
             }                                                  \
         }                                                      \
         if (v->dqprofile == DQPROFILE_SINGLE_EDGE)             \
author	Michael Niedermayer <michaelni@gmx.at>	2012-03-02 21:24:21 +0400
committer	Michael Niedermayer <michaelni@gmx.at>	2012-03-02 21:40:42 +0400
commit	64c58f143604223fa02ad4f11b40fb128f72aae5 (patch)
tree	25bff35baae580baaa8807347a7f686cf3ada35a /libavcodec/vc1dec.c
parent	e93d911e483ffcf3da3dd2cbac2895fa061d2f58 (diff)