cinepak: Fix invalid read access on extra data

Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit d239d4b447885cb7c5eee9ce359f34ad6b64f373) Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Laurent Aimar <fenrir@videolan.org> 2011-09-11 19:17:43 +0200
committer: Reinhard Tartler <siretart@tauware.de> 2012-03-18 17:50:30 +0100
commit: 987f5dc55ed5b1d882ad8d8adb3e51b4e3aa4679 (patch)
tree: d91562da8a813ee7646f66f801c974e27bfd45b9
parent: 5bb9ce755b5913f53eb72c2f18942671d6f3a850 (diff)
download: ffmpeg-987f5dc55ed5b1d882ad8d8adb3e51b4e3aa4679.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index 4bda2a74eb..c67af0a413 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
              * If the frame header is followed by the bytes FE 00 00 06 00 00 then
              * this is probably one of the two known files that have 6 extra bytes
              * after the frame header. Else, assume 2 extra bytes. */
-            if ((s->data[10] == 0xFE) &&
+            if (s->size >= 16 &&
+                (s->data[10] == 0xFE) &&
                 (s->data[11] == 0x00) &&
                 (s->data[12] == 0x00) &&
                 (s->data[13] == 0x06) &&
author	Laurent Aimar <fenrir@videolan.org>	2011-09-11 19:17:43 +0200
committer	Reinhard Tartler <siretart@tauware.de>	2012-03-18 17:50:30 +0100
commit	987f5dc55ed5b1d882ad8d8adb3e51b4e3aa4679 (patch)
tree	d91562da8a813ee7646f66f801c974e27bfd45b9
parent	5bb9ce755b5913f53eb72c2f18942671d6f3a850 (diff)
download	ffmpeg-987f5dc55ed5b1d882ad8d8adb3e51b4e3aa4679.tar.gz