Check for out of bound reads in the Electronic Arts CMV decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a5d46235f3f70f0b620f8e54649ece45ecc5b170)
author: Laurent Aimar <fenrir@videolan.org> 2011-10-01 00:45:01 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2011-10-01 21:03:31 +0200
commit: e8fd4a43ba758adb9378afe2cde4a5b9d4bda357 (patch)
tree: de84485720dea0aa50d972d2e0b58ed97c5271ff /libavcodec
parent: d950461f599241c770d29deea201d7438211dbbb (diff)
download: ffmpeg-e8fd4a43ba758adb9378afe2cde4a5b9d4bda357.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index 6e3b51998a..4cd6a6fd1f 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -158,6 +158,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
     CmvContext *s = avctx->priv_data;
     const uint8_t *buf_end = buf + buf_size;
 
+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
     if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
         cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
         return buf_size;
author	Laurent Aimar <fenrir@videolan.org>	2011-10-01 00:45:01 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2011-10-01 21:03:31 +0200
commit	e8fd4a43ba758adb9378afe2cde4a5b9d4bda357 (patch)
tree	de84485720dea0aa50d972d2e0b58ed97c5271ff /libavcodec
parent	d950461f599241c770d29deea201d7438211dbbb (diff)
download	ffmpeg-e8fd4a43ba758adb9378afe2cde4a5b9d4bda357.tar.gz