Fixed invalid read access on extra data in cinepak decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Laurent Aimar <fenrir@videolan.org> 2011-09-11 19:17:43 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2011-09-11 21:19:46 +0200
commit: dc255275f6293a060518271a151e1ce75499e874 (patch)
tree: 75e17cdba6c6d20fc50461192ffa8b26ab755bc4
parent: d0121e8d969cde74fa7dbd96d3602109b051e701 (diff)
download: ffmpeg-dc255275f6293a060518271a151e1ce75499e874.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index d2e0c26ddc..5a1ccd885d 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
              * If the frame header is followed by the bytes FE 00 00 06 00 00 then
              * this is probably one of the two known files that have 6 extra bytes
              * after the frame header. Else, assume 2 extra bytes. */
-            if ((s->data[10] == 0xFE) &&
+            if (s->size >= 16 &&
+                (s->data[10] == 0xFE) &&
                 (s->data[11] == 0x00) &&
                 (s->data[12] == 0x00) &&
                 (s->data[13] == 0x06) &&
author	Laurent Aimar <fenrir@videolan.org>	2011-09-11 19:17:43 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2011-09-11 21:19:46 +0200
commit	dc255275f6293a060518271a151e1ce75499e874 (patch)
tree	75e17cdba6c6d20fc50461192ffa8b26ab755bc4
parent	d0121e8d969cde74fa7dbd96d3602109b051e701 (diff)
download	ffmpeg-dc255275f6293a060518271a151e1ce75499e874.tar.gz