From f0dd9d4505675daa0f4fda6fcf4274416a23bf24 Mon Sep 17 00:00:00 2001
From: Kostya Shishkov <kostya.shishkov@gmail.com>
Date: Fri, 14 Sep 2007 06:01:29 +0000
Subject: Check unp_size for possible overflows too

Originally committed as revision 10490 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/smacker.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index e185f4d54f..614f3015b9 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -590,7 +590,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
     }
     stereo = get_bits1(&gb);
     bits = get_bits1(&gb);
-    if ((unp_size << !bits) > *data_size) {
+    if (unp_size & 0xC0000000 || (unp_size << !bits) > *data_size) {
         av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n");
         return -1;
     }
-- 
cgit v1.2.3