Merge commit '324e50ee95929a9491b855c5e15451145bd5d1ec'

[ffmpeg] / libavcodec / vqavideo.c

diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 2ad614d2a790563d80ea00f26eb0ceba13917fec..45eb1574f65db847a9c145aaa4a116d5e1d3e34a 100644 (file)
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -231,6 +231,12 @@ static int decode_format80(VqaContext *s, int src_size,
     unsigned char color;
     int i;
 
+    if (src_size < 0 || src_size > bytestream2_get_bytes_left(&s->gb)) {
+        av_log(s->avctx, AV_LOG_ERROR, "Chunk size %d is out of range\n",
+               src_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     start = bytestream2_tell(&s->gb);
     while (bytestream2_tell(&s->gb) - start < src_size) {
         opcode = bytestream2_get_byte(&s->gb);