avcodec/hnm4video: check intraframe size

Fixes hypothetical integer overflow with HNM4_CHUNK_ID_IZ Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-11-22 16:54:01 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-11-22 17:02:00 +0100
commit: 0398b7cbd39abb049775d558ccc4ccf6dc01e92c (patch)
tree: f7a045a350f77cbe6748df44fc0a650d4c443075 /libavcodec
parent: 6060234d43dcf0b5200cdd7dbd2f1542146827eb (diff)
download: ffmpeg-0398b7cbd39abb049775d558ccc4ccf6dc01e92c.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/hnm4video.c b/libavcodec/hnm4video.c
index d2c4ce3a4c..b6ab60e2ae 100644
--- a/libavcodec/hnm4video.c
+++ b/libavcodec/hnm4video.c
@@ -373,6 +373,10 @@ static int hnm_decode_frame(AVCodecContext *avctx, void *data,
         hnm_update_palette(avctx, avpkt->data, avpkt->size);
         frame->palette_has_changed = 1;
     } else if (chunk_id == HNM4_CHUNK_ID_IZ) {
+        if (avpkt->size < 12) {
+            av_log(avctx, AV_LOG_ERROR, "packet too small\n");
+            return AVERROR_INVALIDDATA;
+        }
         unpack_intraframe(avctx, avpkt->data + 12, avpkt->size - 12);
         memcpy(hnm->previous, hnm->current, hnm->width * hnm->height);
         if (hnm->version == 0x4a)
author	Michael Niedermayer <michaelni@gmx.at>	2013-11-22 16:54:01 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-11-22 17:02:00 +0100
commit	0398b7cbd39abb049775d558ccc4ccf6dc01e92c (patch)
tree	f7a045a350f77cbe6748df44fc0a650d4c443075 /libavcodec
parent	6060234d43dcf0b5200cdd7dbd2f1542146827eb (diff)
download	ffmpeg-0398b7cbd39abb049775d558ccc4ccf6dc01e92c.tar.gz