From 4e937b1a60e239335df7623af5eeaa8dd534ee0b Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Mon, 23 Jul 2018 13:12:43 -0300
Subject: avcodec/av1_parse: check for OBU header overread

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavcodec/av1_parse.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h
index 84fc71c925..3a4151491a 100644
--- a/libavcodec/av1_parse.h
+++ b/libavcodec/av1_parse.h
@@ -118,6 +118,10 @@ static inline int parse_obu_header(const uint8_t *buf, int buf_size,
 
     *obu_size  = has_size_flag ? leb128(&gb)
                                : buf_size - 1 - extension_flag;
+
+    if (get_bits_left(&gb) < 0)
+        return AVERROR_INVALIDDATA;
+
     *start_pos = get_bits_count(&gb) / 8;
 
     return 0;
-- 
cgit v1.2.3