commit 457f869b73ff9c49486c31a6574eb6601f8eb2d1
author Alex Converse <alex.converse@gmail.com> Fri Sep 09 13:26:49 2011 -0700
committer Michael Niedermayer <michaelni@gmx.at> Thu Nov 03 03:26:19 2011 +0100
tree be8aac4b90ab7cb002917b90c87da2f0cc26fffb
parent 70f01f12626caacd3926e11ac1ebc705e67016e7

indeo2: fail if input buffer too small
(cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055)

Signed-off-by: Anton Khirnov <anton@khirnov.net>

libavcodec/indeo2.c

diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c
index e1bfd08..8ee6a86 100644
--- a/libavcodec/indeo2.c
+++ b/libavcodec/indeo2.c
@@ -153,6 +153,13 @@
         return -1;
     }
 
+    start = 48; /* hardcoded for now */
+
+    if (start >= buf_size) {
+        av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     s->decode_delta = buf[18];
 
     /* decide whether frame uses deltas or not */
@@ -160,7 +167,6 @@
     for (i = 0; i < buf_size; i++)
         buf[i] = ff_reverse[buf[i]];
 #endif
-    start = 48; /* hardcoded for now */
 
     init_get_bits(&s->gb, buf + start, (buf_size - start) * 8);