From 22f15f5735389e992ec9aed43b0680e75746b3a1 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 14 May 2015 01:01:35 +0200
Subject: avcodec/on2avc: Check run more carefully

Fixes CID1239106

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/on2avc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'libavcodec/on2avc.c')

diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
index 4a38da00e5..1d8fcbc596 100644
--- a/libavcodec/on2avc.c
+++ b/libavcodec/on2avc.c
@@ -119,12 +119,12 @@ static int on2avc_decode_band_types(On2AVCContext *c, GetBitContext *gb)
         run_len   = 1;
         do {
             run = get_bits(gb, bits_per_sect);
+            if (run > num_bands - band - run_len) {
+                av_log(c->avctx, AV_LOG_ERROR, "Invalid band type run\n");
+                return AVERROR_INVALIDDATA;
+            }
             run_len += run;
         } while (run == esc_val);
-        if (band + run_len > num_bands) {
-            av_log(c->avctx, AV_LOG_ERROR, "Invalid band type run\n");
-            return AVERROR_INVALIDDATA;
-        }
         for (i = band; i < band + run_len; i++) {
             c->band_type[i]    = band_type;
             c->band_run_end[i] = band + run_len;
-- 
cgit v1.2.3