From 3623589edc7b1257bb45aa9e52c9631e133f22b6 Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Wed, 27 Mar 2013 18:18:38 +0100
Subject: [PATCH] dfa: check for invalid access in decode_wdlt().

This can happen when the number of skipped lines is not consistent with
the number of coded lines.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/dfa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index bbe4ce2..6619b98 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -255,6 +255,8 @@ static int decode_wdlt(GetByteContext *gb, uint8_t *frame, int width, int height
             segments = bytestream2_get_le16(gb);
         }
         line_ptr = frame;
+        if (frame_end - frame < width)
+            return AVERROR_INVALIDDATA;
         frame += width;
         y++;
         while (segments--) {
-- 
2.7.4