From ed50673066956d6f2201a57c3254569f2ab08d9d Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Fri, 17 May 2013 18:29:15 +0200
Subject: wavpack: validate samples size parsed in wavpack_decode_block

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/wavpack.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libavcodec/wavpack.c')

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 38fc26b7ea..8d7c82b2fe 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -796,6 +796,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
     if (!wc->mkv_mode) {
         s->samples = AV_RL32(buf);
         buf       += 4;
+        if (s->samples != wc->samples)
+            return AVERROR_INVALIDDATA;
+
         if (!s->samples) {
             *got_frame_ptr = 0;
             return 0;
-- 
cgit v1.2.3