svq1dec: Fix overread on very small input
authorMichael Niedermayer <michaelni@gmx.at>
Sun, 22 Apr 2012 09:10:17 +0000 (11:10 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Sun, 22 Apr 2012 09:10:17 +0000 (11:10 +0200)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/svq1dec.c

index e03df08..c36f9fe 100644 (file)
@@ -647,6 +647,9 @@ static int svq1_decode_frame(AVCodecContext *avctx,
   if (s->f_code != 0x20) {
     uint32_t *src = (uint32_t *) (buf + 4);
 
+    if (buf_size < 36)
+        return AVERROR_INVALIDDATA;
+
     for (i=0; i < 4; i++) {
       src[i] = ((src[i] << 16) | (src[i] >> 16)) ^ src[7 - i];
     }
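Review bot: The bound in the added `if (buf_size < 36)` is a bare magic number, so a later change to the descrambling loop could silently invalidate it. The value follows from the loop right below, which reads and writes `src[0]`..`src[7]` starting at `buf + 4`, i.e. 4 + 8 * 4 = 36 bytes. I would either add a comment such as `/* header descrambling touches src[0..7] at buf + 4: 4 + 8 * 4 bytes */` or spell the bound as `if (buf_size < 4 + 8 * (int)sizeof(*src))`. The body of svq1_decode_frame starts and ends outside this hunk, so whether the reads of `buf` that precede this branch are already bounded by `buf_size` cannot be confirmed from here and is worth checking alongside this fix.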