cinepak: Fix invalid read access on extra data

author Laurent Aimar <fenrir@videolan.org>

Sun, 11 Sep 2011 17:17:43 +0000 (19:17 +0200)

committer Janne Grunau <janne-libav@jannau.net>

Thu, 6 Oct 2011 21:35:29 +0000 (23:35 +0200)
author Laurent Aimar <fenrir@videolan.org>
Sun, 11 Sep 2011 17:17:43 +0000 (19:17 +0200)
committer Janne Grunau <janne-libav@jannau.net>
Thu, 6 Oct 2011 21:35:29 +0000 (23:35 +0200)
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c

index 1d41ba2..c5d47be 100644 (file)
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
               * If the frame header is followed by the bytes FE 00 00 06 00 00 then
               * this is probably one of the two known files that have 6 extra bytes
               * after the frame header. Else, assume 2 extra bytes. */
-            if ((s->data[10] == 0xFE) &&
+            if (s->size >= 16 &&
+                (s->data[10] == 0xFE) &&
                  (s->data[11] == 0x00) &&
                  (s->data[12] == 0x00) &&
                  (s->data[13] == 0x06) &&
author	Laurent Aimar <fenrir@videolan.org>
	Sun, 11 Sep 2011 17:17:43 +0000 (19:17 +0200)
committer	Janne Grunau <janne-libav@jannau.net>
	Thu, 6 Oct 2011 21:35:29 +0000 (23:35 +0200)