From 3b2cd83a829e01a603b52fdc058a054b7899d06e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 1 Dec 2012 21:42:02 +0100
Subject: [PATCH] dcadec: check lfe field

Fix out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/dcadec.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/dcadec.c b/libavcodec/dcadec.c
index 8b985a86cf..77fe92a693 100644
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@@ -737,6 +737,12 @@ static int dca_parse_frame_header(DCAContext *s)
     s->lfe               = get_bits(&s->gb, 2);
     s->predictor_history = get_bits(&s->gb, 1);
 
+    if (s->lfe == 3) {
+        s->lfe = 0;
+        av_log_ask_for_sample(s->avctx, "LFE is 3\n");
+        return AVERROR_PATCHWELCOME;
+    }
+
     /* TODO: check CRC */
     if (s->crc_present)
         s->header_crc    = get_bits(&s->gb, 16);