eacmv: check for out of bound reads

Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 46cb2f6a2928a7fa4bee3f09b0475ccb8cdd2064) Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Laurent Aimar <fenrir@videolan.org> 2011-09-30 23:42:32 +0000
committer: Reinhard Tartler <siretart@tauware.de> 2012-03-18 17:50:40 +0100
commit: d75c80e9427eef962b1de8ce3dd0246dd2ec5c05 (patch)
tree: bd12b0a2d0c0e3903c3c683f8f656315449217b3
parent: 34d6f22a571e230b519223e779e14b93d7e20989 (diff)
download: ffmpeg-d75c80e9427eef962b1de8ce3dd0246dd2ec5c05.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index d848208ec8..2b9e6803e2 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -153,6 +153,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
     CmvContext *s = avctx->priv_data;
     const uint8_t *buf_end = buf + buf_size;
 
+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
     if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
         cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
         return buf_size;
author	Laurent Aimar <fenrir@videolan.org>	2011-09-30 23:42:32 +0000
committer	Reinhard Tartler <siretart@tauware.de>	2012-03-18 17:50:40 +0100
commit	d75c80e9427eef962b1de8ce3dd0246dd2ec5c05 (patch)
tree	bd12b0a2d0c0e3903c3c683f8f656315449217b3
parent	34d6f22a571e230b519223e779e14b93d7e20989 (diff)
download	ffmpeg-d75c80e9427eef962b1de8ce3dd0246dd2ec5c05.tar.gz