From 8856c4c5c924b85888fcaf486e71ba15b8af610b Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Sat, 1 Oct 2011 00:45:04 +0200
Subject: [PATCH] Fix out of bound reads in the QDM2 decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 0d93d5c4614fafea74bdac681673f5b32eb49063)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
---
 libavcodec/qdm2.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 3273dd1795..ec33c492f4 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1356,6 +1356,8 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext *
             return;
 
         local_int_14 = (offset >> local_int_8);
+        if (local_int_14 >= FF_ARRAY_ELEMS(fft_level_index_table))
+            return;
 
         if (q->nb_channels > 1) {
             channel = get_bits1(gb);