avcodec/vqavideo: Check chunk size

Fixes CID1239154 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8a62b80ce6c8e87e7937f9a5d68f83882c1c8da2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2015-05-13 00:41:38 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2015-05-15 10:04:51 +0200
commit: 375a97bb7055e0ff48cf08abb7c9a9ee7aad7df2 (patch)
tree: ec3f5ff650d275d30818cb95570243fff68dcd4c
parent: 0fc6a9511634c58f1cb93ccf8f6bb1da14141d8b (diff)
download: ffmpeg-375a97bb7055e0ff48cf08abb7c9a9ee7aad7df2.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 4dcebd4849..bf55571fe9 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -231,6 +231,12 @@ static int decode_format80(VqaContext *s, int src_size,
     unsigned char color;
     int i;
 
+    if (src_size < 0 || src_size > bytestream2_get_bytes_left(&s->gb)) {
+        av_log(s->avctx, AV_LOG_ERROR, "Chunk size %d is out of range\n",
+               src_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     start = bytestream2_tell(&s->gb);
     while (bytestream2_tell(&s->gb) - start < src_size) {
         opcode = bytestream2_get_byte(&s->gb);
author	Michael Niedermayer <michaelni@gmx.at>	2015-05-13 00:41:38 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2015-05-15 10:04:51 +0200
commit	375a97bb7055e0ff48cf08abb7c9a9ee7aad7df2 (patch)
tree	ec3f5ff650d275d30818cb95570243fff68dcd4c
parent	0fc6a9511634c58f1cb93ccf8f6bb1da14141d8b (diff)
download	ffmpeg-375a97bb7055e0ff48cf08abb7c9a9ee7aad7df2.tar.gz