avcodec/vqavideo: Check chunk size
authorMichael Niedermayer <michaelni@gmx.at>
Tue, 12 May 2015 22:41:38 +0000 (00:41 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Wed, 10 Jun 2015 00:13:11 +0000 (02:13 +0200)
Fixes CID1239154

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8a62b80ce6c8e87e7937f9a5d68f83882c1c8da2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/vqavideo.c

index 0a2b668..7282cf9 100644 (file)
@@ -231,6 +231,12 @@ static int decode_format80(VqaContext *s, int src_size,
     unsigned char color;
     int i;
 
+    if (src_size < 0 || src_size > bytestream2_get_bytes_left(&s->gb)) {
+        av_log(s->avctx, AV_LOG_ERROR, "Chunk size %d is out of range\n",
+               src_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     start = bytestream2_tell(&s->gb);
     while (bytestream2_tell(&s->gb) - start < src_size) {
         opcode = bytestream2_get_byte(&s->gb);