From cf044f8bff0d28dbc34492f18b0d18b3ba8bad9d Mon Sep 17 00:00:00 2001
From: Justin Ruggles <justin.ruggles@gmail.com>
Date: Wed, 21 Sep 2011 11:42:55 -0400
Subject: smacker: check buffer size before reading output size

---
 libavcodec/smacker.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'libavcodec/smacker.c')

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index f3dec7f675..20ddc15915 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -586,6 +586,11 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
     int bits, stereo;
     int pred[2] = {0, 0};
 
+    if (buf_size <= 4) {
+        av_log(avctx, AV_LOG_ERROR, "packet is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     unp_size = AV_RL32(buf);
 
     init_get_bits(&gb, buf + 4, (buf_size - 4) * 8);
-- 
cgit v1.2.3