From 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Wed, 7 Sep 2011 21:43:03 +0200
Subject: Fixed segfault with wavpack decoder on corrupted decorrelation terms
 sub-blocks.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavcodec/wavpack.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'libavcodec/wavpack.c')

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 0604452b80..a687c279ef 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -863,12 +863,13 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
         }
         switch(id & WP_IDF_MASK){
         case WP_ID_DECTERMS:
-            s->terms = size;
-            if(s->terms > MAX_TERMS){
+            if(size > MAX_TERMS){
                 av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n");
+                s->terms = 0;
                 buf += ssize;
                 continue;
             }
+            s->terms = size;
             for(i = 0; i < s->terms; i++) {
                 s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5;
                 s->decorr[s->terms - i - 1].delta = *buf >> 5;
-- 
cgit v1.2.3