From 46cb2f6a2928a7fa4bee3f09b0475ccb8cdd2064 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Fri, 30 Sep 2011 23:42:32 +0000
Subject: eacmv: check for out of bound reads

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
---
 libavcodec/eacmv.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libavcodec/eacmv.c')

diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index 0a146f5347..085e2d8177 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -153,6 +153,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
     CmvContext *s = avctx->priv_data;
     const uint8_t *buf_end = buf + buf_size;
 
+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
     if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
         cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
         return buf_size;
-- 
cgit v1.2.3