From b7ce4f1d1c3add86ece7ca595ea6c4a10b471055 Mon Sep 17 00:00:00 2001
From: Alex Converse <alex.converse@gmail.com>
Date: Fri, 9 Sep 2011 13:26:49 -0700
Subject: indeo2: fail if input buffer too small

---
 libavcodec/indeo2.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'libavcodec/indeo2.c')

diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c
index 591c1ceb89..398a9acd92 100644
--- a/libavcodec/indeo2.c
+++ b/libavcodec/indeo2.c
@@ -156,6 +156,13 @@ static int ir2_decode_frame(AVCodecContext *avctx,
         return -1;
     }
 
+    start = 48; /* hardcoded for now */
+
+    if (start >= buf_size) {
+        av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     s->decode_delta = buf[18];
 
     /* decide whether frame uses deltas or not */
@@ -163,7 +170,6 @@ static int ir2_decode_frame(AVCodecContext *avctx,
     for (i = 0; i < buf_size; i++)
         buf[i] = av_reverse[buf[i]];
 #endif
-    start = 48; /* hardcoded for now */
 
     init_get_bits(&s->gb, buf + start, (buf_size - start) * 8);
 
-- 
cgit v1.2.3