smacker: Check for overread in smka_decode_frame()

Fixes a segfault with wetlog_fail.smk Bug found by: Shitiz Garg Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d0f7927177077799abe540f9195b5ce1fc089183) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2011-12-15 22:45:57 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2012-01-03 18:26:09 +0100
commit: 134b7f57dbcd9eed254f5309b6d9bb1b993b8fe3 (patch)
tree: 10a54dbca709dfda7bd39a6ddd6c9a5b73390687
parent: 0177ac9637b3fb9599f0afd15f765743b6f1900c (diff)
download: ffmpeg-134b7f57dbcd9eed254f5309b6d9bb1b993b8fe3.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index a983922fc7..fdc28e1a07 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -663,6 +663,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
         for(i = 0; i <= stereo; i++)
             *samples++ = pred[i];
         for(; i < unp_size / 2; i++) {
+            if(get_bits_left(&gb)<0)
+                return -1;
             if(i & stereo) {
                 if(vlc[2].table)
                     res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3);
@@ -697,6 +699,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
         for(i = 0; i <= stereo; i++)
             *samples8++ = pred[i];
         for(; i < unp_size; i++) {
+            if(get_bits_left(&gb)<0)
+                return -1;
             if(i & stereo){
                 if(vlc[1].table)
                     res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3);
author	Michael Niedermayer <michaelni@gmx.at>	2011-12-15 22:45:57 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2012-01-03 18:26:09 +0100
commit	134b7f57dbcd9eed254f5309b6d9bb1b993b8fe3 (patch)
tree	10a54dbca709dfda7bd39a6ddd6c9a5b73390687
parent	0177ac9637b3fb9599f0afd15f765743b6f1900c (diff)
download	ffmpeg-134b7f57dbcd9eed254f5309b6d9bb1b993b8fe3.tar.gz