From 47c4713a23d271eedd2eb2c02daa70cb0ea4e0ac Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 24 Dec 2011 22:06:25 +0100
Subject: [PATCH] sierravmd: limit packetsize to the amount that could be read.
 Fixes huge allocations.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/sierravmd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c
index faf97b2d6a..f614e51b5c 100644
--- a/libavformat/sierravmd.c
+++ b/libavformat/sierravmd.c
@@ -30,6 +30,7 @@
 #include "libavutil/intreadwrite.h"
 #include "avformat.h"
 #include "internal.h"
+#include "avio_internal.h"
 
 #define VMD_HEADER_SIZE 0x0330
 #define BYTES_PER_FRAME_RECORD 16
@@ -246,6 +247,8 @@ static int vmd_read_packet(AVFormatContext *s,
     /* position the stream (will probably be there already) */
     avio_seek(pb, frame->frame_offset, SEEK_SET);
 
+    if(ffio_limit(pb, frame->frame_size) != frame->frame_size)
+        return AVERROR(EIO);
     if (av_new_packet(pkt, frame->frame_size + BYTES_PER_FRAME_RECORD))
         return AVERROR(ENOMEM);
     pkt->pos= avio_tell(pb);