From a4ed7c3fe9f99b89f86b65710d8855dc572f1a25 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Sat, 8 Oct 2011 23:01:33 +0200
Subject: [PATCH] qtrle: check for invalid line offset

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/qtrle.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c
index 752bbc1323..7383cf2dc3 100644
--- a/libavcodec/qtrle.c
+++ b/libavcodec/qtrle.c
@@ -464,6 +464,8 @@ static int qtrle_decode_frame(AVCodecContext *avctx,
         stream_ptr += 4;
         height = AV_RB16(&s->buf[stream_ptr]);
         stream_ptr += 4;
+        if (height > s->avctx->height - start_line)
+            goto done;
     } else {
         start_line = 0;
         height = s->avctx->height;