idcin: check chunk_size value before using it

Fixes integer overflow. Fixes CID732223. Signed-off-by: Paul B Mahol <onemda@gmail.com>
author: Paul B Mahol <onemda@gmail.com> 2012-10-15 15:48:13 +0000
committer: Paul B Mahol <onemda@gmail.com> 2012-10-15 15:48:13 +0000
commit: 295218f531528d18f0f21937d3ddf28318898a7c (patch)
tree: 1248c420604796792281397f8aba6439de683361 /libavformat/idcin.c
parent: 3f8148911c6e6e1f2a042bd4ca3ad8516a92130c (diff)
download: ffmpeg-295218f531528d18f0f21937d3ddf28318898a7c.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/idcin.c b/libavformat/idcin.c
index f1df00244f..bede04075e 100644
--- a/libavformat/idcin.c
+++ b/libavformat/idcin.c
@@ -256,6 +256,8 @@ static int idcin_read_packet(AVFormatContext *s,
         chunk_size = avio_rl32(pb);
         /* skip the number of decoded bytes (always equal to width * height) */
         avio_skip(pb, 4);
+        if (chunk_size < 4)
+            return AVERROR_INVALIDDATA;
         chunk_size -= 4;
         ret= av_get_packet(pb, pkt, chunk_size);
         if (ret < 0)
author	Paul B Mahol <onemda@gmail.com>	2012-10-15 15:48:13 +0000
committer	Paul B Mahol <onemda@gmail.com>	2012-10-15 15:48:13 +0000
commit	295218f531528d18f0f21937d3ddf28318898a7c (patch)
tree	1248c420604796792281397f8aba6439de683361 /libavformat/idcin.c
parent	3f8148911c6e6e1f2a042bd4ca3ad8516a92130c (diff)
download	ffmpeg-295218f531528d18f0f21937d3ddf28318898a7c.tar.gz