smacker: check buffer size before reading output size
authorJustin Ruggles <justin.ruggles@gmail.com>
Wed, 21 Sep 2011 15:42:55 +0000 (11:42 -0400)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 4 Nov 2011 00:07:44 +0000 (01:07 +0100)
(cherry picked from commit cf044f8bff0d28dbc34492f18b0d18b3ba8bad9d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/smacker.c

index 30dbaa7..0c1aa16 100644 (file)
@@ -587,6 +587,11 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
     int bits, stereo;
     int pred[2] = {0, 0};
 
+    if (buf_size <= 4) {
+        av_log(avctx, AV_LOG_ERROR, "packet is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     unp_size = AV_RL32(buf);
 
     init_get_bits(&gb, buf + 4, (buf_size - 4) * 8);