From 3d2ea5037ccc3cd4b08f957dff4d342e84a77284 Mon Sep 17 00:00:00 2001
From: Harish Mahendrakar
Date: Wed, 5 Aug 2015 11:35:47 +0530
Subject: Fixed an out of bound read in accessing inverse scan table
Change-Id: Ib25db1da92eee390a3847df06c0c0675ebcfb1a4
---
 decoder/ihevcd_parse_residual.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'decoder')
diff --git a/decoder/ihevcd_parse_residual.c b/decoder/ihevcd_parse_residual.c
index fc84fa3..6e2a39c 100644
--- a/decoder/ihevcd_parse_residual.c
+++ b/decoder/ihevcd_parse_residual.c
@@ -191,7 +191,7 @@ WORD32 ihevcd_parse_residual_coding(codec_t *ps_codec,
 bitstrm_t *ps_bitstrm = &ps_codec->s_parse.s_bitstrm;
 WORD32 last_significant_coeff_x_prefix, last_significant_coeff_y_prefix;
 WORD32 last_significant_coeff_x, last_significant_coeff_y;
- const UWORD8 *pu1_scan_blk, *pu1_scan_coeff;
+ const UWORD8 *pu1_scan_blk = NULL, *pu1_scan_coeff;
 WORD32 scan_idx;
 WORD32 i;
 WORD32 sign_data_hiding_flag;
@@ -387,7 +387,8 @@ WORD32 ihevcd_parse_residual_coding(codec_t *ps_codec,
 last_scan_pos = pu1_scan_coeff[scan_pos];
 }
- pu1_scan_blk = (UWORD8 *)gapv_ihevc_invscan[scan_idx * 3 + (log2_trafo_size - 2 - 1)];
+ if(log2_trafo_size > 2)
+ pu1_scan_blk = (UWORD8 *)gapv_ihevc_invscan[scan_idx * 3 + (log2_trafo_size - 2 - 1)];
 pu1_scan_coeff = &gau1_ihevc_invscan4x4[scan_idx][0];
 /* Set CSBF array to zero */
-- cgit v1.2.3
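Review bot: With the new guard in the second hunk, `pu1_scan_blk` stays NULL whenever `log2_trafo_size` is 2, and every later read through it lies outside the hunk, so it is not visible here whether those reads are gated on the same condition; any that is not turns the former out-of-bounds table read into a NULL dereference on the same input. The guard also bounds only the low side: the `scan_idx * 3` stride suggests three table entries per scan type, so an upper check such as `if(log2_trafo_size > 2 && log2_trafo_size <= 5)` would be worth adding unless callers already guarantee the range (this is inferred from the index expression, not confirmed). I would also brace the `if` and add a comment along the lines of `/* 4x4 transform: no sub-block scan table is selected, pu1_scan_blk stays NULL */` so the NULL state reads as intentional. The body of `ihevcd_parse_residual_coding` starts and ends outside both hunks.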