From 564dd3f0f40008be8943af59686c0e8c4d67dd08 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Fri, 15 Jan 2016 00:17:10 +0100
Subject: [PATCH] mpeg4videodec: silence ubsan warning

s->ac_val[0][0] is of type 'int16_t [16]', but points into a larger buffer.
Here it is used as base pointer to find the correct position in the
larger buffer by adding 's->block_index[n] * 16' and thus as 'int16_t *'.

This fixes clang's ubsan runtime error: index out of bounds for type
'int16_t [16]'

Fixes: test_case.mp4

Found-by: Tyson Smith <twsmith@mozilla.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/mpeg4videodec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 133adbb6fe..527cbe96c5 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -67,7 +67,7 @@ void ff_mpeg4_pred_ac(MpegEncContext *s, int16_t *block, int n, int dir)
     int8_t *const qscale_table = s->current_picture.qscale_table;
 
     /* find prediction */
-    ac_val  = s->ac_val[0][0] + s->block_index[n] * 16;
+    ac_val  = &s->ac_val[0][0][0] + s->block_index[n] * 16;
     ac_val1 = ac_val;
     if (s->ac_pred) {
         if (dir == 0) {