From 28d634711b0cca18677a48d18416566b6565b567 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Wed, 25 Jan 2012 05:21:23 +0100
Subject: [PATCH] avidec: Fix regression with chunks that are larger than the
 file.

This commit makes the check specific to the case that needs it.

Regression was introduced by
commit 62adc60b97d854507d07a21b2f370ab5c69e6b7b
Author: Michael Niedermayer <michaelni@gmx.at>
Date:   Fri Dec 16 06:13:04 2011 +0100

    avidec: Check that the header chunks fit in the available filesize.
    Fixes Ticket771
    Bug found by: Diana Elena Muscalu

    Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/avidec.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 86121b418c..ec2204c0a9 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -387,11 +387,6 @@ static int avi_read_header(AVFormatContext *s, AVFormatParameters *ap)
         tag = avio_rl32(pb);
         size = avio_rl32(pb);
 
-        if(size > avi->fsize){
-            av_log(s, AV_LOG_ERROR, "chunk size is too big during header parsing\n");
-            goto fail;
-        }
-
         print_tag("tag", tag, size);
 
         switch(tag) {
@@ -605,7 +600,7 @@ static int avi_read_header(AVFormatContext *s, AVFormatParameters *ap)
                         break;
                     }
 
-                    if(size > 10*4 && size<(1<<30)){
+                    if(size > 10*4 && size<(1<<30) && size < avi->fsize){
                         st->codec->extradata_size= size - 10*4;
                         st->codec->extradata= av_malloc(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
                         if (!st->codec->extradata) {