author | Michael Niedermayer <michael@niedermayer.cc> | 2016-08-19 03:04:57 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2016-08-19 03:05:52 +0200 |
commit | 2a3720bc22d92d236ce62112edf80103e33ece1b (patch) | |
tree | f7f374f9d71b2f0f15ea5a0fc5f6ed71b1871acd | |
parent | 237207645b36fb79759d313c0399ee93ba467b9d (diff) | |
avformat/swfdec: Move packet size check before side data allocation
Fixes memleak
Fixes: 9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_7ffff6ae7c37_8927_f14c2a6ae1ad0bbde2c94f1da50e7074.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/swfdec.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
index fa2435e0a0..2d8e3b0e3e 100644
--- a/libavformat/swfdec.c
+++ b/libavformat/swfdec.c
@@ -395,6 +395,11 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt)
 pkt->pos = pos;
 pkt->stream_index = st->index;
 
+ if (linesize * height > pkt->size) {
+ res = AVERROR_INVALIDDATA;
+ goto bitmap_end;
+ }
+
 switch (bmp_fmt) {
 case 3:
 pix_fmt = AV_PIX_FMT_PAL8;
@@ -422,10 +427,6 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt)
 } else
 st->codecpar->format = pix_fmt;
 
- if (linesize * height > pkt->size) {
- res = AVERROR_INVALIDDATA;
- goto bitmap_end;
- }
 memcpy(pkt->data, buf + colormapsize*colormapbpp, linesize * height);
 
 res = pkt->size; |
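Review bot: The product `linesize * height` in the added guard of the first hunk is evaluated before the comparison. If both operands are plain `int` values derived from the SWF tag header (their declarations are outside the hunk), a large width/height pair could overflow, and the check would then pass ahead of the `memcpy` that uses the same product. Consider comparing in a wider type, e.g. `if ((int64_t)linesize * height > pkt->size) {`, or rejecting oversized dimensions where they are read. A short comment such as `/* keep before the switch: bailing out after side data is attached leaks it */` would also stop a later refactor from moving the check back, assuming the side-data allocation sits inside the switch as the commit title suggests. swf_read_packet starts and ends outside this hunk, so the cleanup at `bitmap_end` is not visible here.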