authorMichael Niedermayer <michaelni@gmx.at>2011-12-09 23:46:16 +0100
committerMichael Niedermayer <michaelni@gmx.at>2011-12-09 23:46:16 +0100
commit5b98ea1b7309fd43694b92e990439636630f408a (patch)
tree5642cc6c266671d939d4f6e05c391706f25df88e
parent4557d7d01fa204d0e21c5ca40604dd013b911c47 (diff)
vb: Add some checks on input buffer related values.
Fixes crash with INTRO_FAIL.VB Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/vb.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/libavcodec/vb.c b/libavcodec/vb.c
index d66c47b976..26967db7b2 100644
--- a/libavcodec/vb.c
+++ b/libavcodec/vb.c
@@ -221,10 +221,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
offset = i + j * avctx->width;
rest -= 4;
}
+ if(rest < 0){
+ av_log(avctx, AV_LOG_ERROR, "not enough data\n");
+ return -1;
+ }
if(flags & VB_HAS_VIDEO){
size = bytestream_get_le32(&c->stream);
- if(size > rest){
- av_log(avctx, AV_LOG_ERROR, "Frame size is too big\n");
+ if(size > rest || size<4){
+ av_log(avctx, AV_LOG_ERROR, "Frame size invalid\n");
return -1;
}
vb_decode_framedata(c, c->stream, size, offset);
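Review bot: In the `VB_HAS_VIDEO` branch the length is still read with `bytestream_get_le32(&c->stream)` before anything confirms that four bytes remain: the new `rest < 0` guard lets `rest` values of 0 to 3 through, so the read can run past the end of the packet data, and the `size > rest || size<4` test only rejects the frame afterwards. Checking first, e.g. `if(rest < 4){ av_log(avctx, AV_LOG_ERROR, "not enough data\n"); return -1; }` ahead of the read, closes that gap. The declarations of `size` and `rest` are outside the hunk; if `size` is unsigned and `rest` signed, `size > rest` is only sound because of the preceding `rest < 0` check, which deserves a one-line comment saying so. decode_frame starts and ends outside the hunk, so any later branch that reads a length field the same way is not visible here and should be checked too.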