X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Flibvorbisdec.c;h=89cbbb41b6898e74c7f11e21445d328dd4729746;hb=8fec9fca69c22fc41d8602d8bdf547f14c70fc06;hp=ecf690a5530128eef311ff8870b94ab689c40bcc;hpb=0084eed5bffebd7f3915bc0f9eba7350e8bc0ef7;p=ffmpeg

diff --git a/libavcodec/libvorbisdec.c b/libavcodec/libvorbisdec.c
index ecf690a5530..89cbbb41b68 100644
--- a/libavcodec/libvorbisdec.c
+++ b/libavcodec/libvorbisdec.c
@@ -49,8 +49,16 @@ static int oggvorbis_decode_init(AVCodecContext *avccontext) {
     vorbis_comment_init(&context->vc) ;
 
     if(p[0] == 0 && p[1] == 30) {
+        int sizesum = 0;
         for(i = 0; i < 3; i++){
             hsizes[i] = bytestream_get_be16((const uint8_t **)&p);
+            sizesum += 2 + hsizes[i];
+            if (sizesum > avccontext->extradata_size) {
+                av_log(avccontext, AV_LOG_ERROR, "vorbis extradata too small\n");
+                ret = AVERROR_INVALIDDATA;
+                goto error;
+            }
+
             headers[i] = p;
             p += hsizes[i];
         }