diff options
author | Laurent Aimar <fenrir@videolan.org> | 2011-09-11 19:17:43 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2011-09-11 21:19:46 +0200 |
commit | dc255275f6293a060518271a151e1ce75499e874 (patch) | |
tree | 75e17cdba6c6d20fc50461192ffa8b26ab755bc4 /libavcodec | |
parent | d0121e8d969cde74fa7dbd96d3602109b051e701 (diff) | |
download | ffmpeg-dc255275f6293a060518271a151e1ce75499e874.tar.gz |
Fixed invalid read access on extra data in cinepak decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/cinepak.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c index d2e0c26ddc..5a1ccd885d 100644 --- a/libavcodec/cinepak.c +++ b/libavcodec/cinepak.c @@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s) * If the frame header is followed by the bytes FE 00 00 06 00 00 then * this is probably one of the two known files that have 6 extra bytes * after the frame header. Else, assume 2 extra bytes. */ - if ((s->data[10] == 0xFE) && + if (s->size >= 16 && + (s->data[10] == 0xFE) && (s->data[11] == 0x00) && (s->data[12] == 0x00) && (s->data[13] == 0x06) && |