From 18eb4fd5a75b6429d1d7058a8967696be701a00b Mon Sep 17 00:00:00 2001
From: Christophe Mutricy <xtophe@videolan.org>
Date: Mon, 10 Mar 2008 23:29:29 +0000
Subject: [PATCH 1/1] Avoid integer overflow. Patch by Drew Yao.

---
 modules/codec/cinepak.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/codec/cinepak.c b/modules/codec/cinepak.c
index 09b491b5f6..97f5233499 100644
--- a/modules/codec/cinepak.c
+++ b/modules/codec/cinepak.c
@@ -397,7 +397,8 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
     i_height = GET2BYTES( p_data );
     i_frame_strips = GET2BYTES( p_data );
 
-    if( !i_frame_size || !i_width || !i_height )
+    if( !i_frame_size || !i_width || !i_height ||
+        i_width > 0xffff-3 || i_height > 0xffff-3)
     {
         /* Broken header */
         return( -1 );
-- 
2.39.2