Fix potential overread in vmd audio decoder.

author Laurent Aimar <fenrir@videolan.org>

Sat, 24 Sep 2011 21:16:17 +0000 (23:16 +0200)

committer Michael Niedermayer <michaelni@gmx.at>

Sat, 24 Sep 2011 21:42:49 +0000 (23:42 +0200)
author Laurent Aimar <fenrir@videolan.org>
Sat, 24 Sep 2011 21:16:17 +0000 (23:16 +0200)
committer Michael Niedermayer <michaelni@gmx.at>
Sat, 24 Sep 2011 21:42:49 +0000 (23:42 +0200)
diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c

index 919789168e0915491e03c60b59cea4960cb52e8f..77e0432610af7e7a1e5ffd095736a075138a5218 100644 (file)
--- a/libavcodec/vmdav.c
+++ b/libavcodec/vmdav.c
@@ -523,7 +523,10 @@ static int vmdaudio_decode_frame(AVCodecContext *avctx,
  
      silent_chunks = 0;
      if (block_type == BLOCK_TYPE_INITIAL) {
-        uint32_t flags = AV_RB32(buf);
+        uint32_t flags;
+        if (buf_size < 4)
+            return -1;
+        flags = AV_RB32(buf);
          silent_chunks  = av_popcount(flags);
          buf      += 4;
          buf_size -= 4;
author	Laurent Aimar <fenrir@videolan.org>
	Sat, 24 Sep 2011 21:16:17 +0000 (23:16 +0200)
committer	Michael Niedermayer <michaelni@gmx.at>
	Sat, 24 Sep 2011 21:42:49 +0000 (23:42 +0200)