indeo2: fail if input buffer too small
(cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c
index e1bfd08..8ee6a86 100644
--- a/libavcodec/indeo2.c
+++ b/libavcodec/indeo2.c
@@ -153,6 +153,13 @@
return -1;
}
+ start = 48; /* hardcoded for now */
+
+ if (start >= buf_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size);
+ return AVERROR_INVALIDDATA;
+ }
+
s->decode_delta = buf[18];
/* decide whether frame uses deltas or not */
@@ -160,7 +167,6 @@
for (i = 0; i < buf_size; i++)
buf[i] = ff_reverse[buf[i]];
#endif
- start = 48; /* hardcoded for now */
init_get_bits(&s->gb, buf + start, (buf_size - start) * 8);