eacmv: check for out of bound reads

author Laurent Aimar <fenrir@videolan.org>

Fri, 30 Sep 2011 23:42:32 +0000 (23:42 +0000)

committer Janne Grunau <janne-libav@jannau.net>

Mon, 10 Oct 2011 19:36:13 +0000 (21:36 +0200)
author Laurent Aimar <fenrir@videolan.org>
Fri, 30 Sep 2011 23:42:32 +0000 (23:42 +0000)
committer Janne Grunau <janne-libav@jannau.net>
Mon, 10 Oct 2011 19:36:13 +0000 (21:36 +0200)
diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c

index 0a146f5..085e2d8 100644 (file)
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -153,6 +153,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
      CmvContext *s = avctx->priv_data;
      const uint8_t *buf_end = buf + buf_size;
  
+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
      if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
          cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
          return buf_size;
author	Laurent Aimar <fenrir@videolan.org>
	Fri, 30 Sep 2011 23:42:32 +0000 (23:42 +0000)
committer	Janne Grunau <janne-libav@jannau.net>
	Mon, 10 Oct 2011 19:36:13 +0000 (21:36 +0200)