From bbe56bcd6befb3e7d1bd498d8b827325d6089d78 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 16 Jan 2013 05:54:19 +0100
Subject: [PATCH] motion_est: Limit motion vector search range to MAX_MV

Fixes out of array reads with videos exceeding MAX_MV

Found-by: Thierry Foucu
Signed-off-by: Michael Niedermayer
---
 libavcodec/motion_est.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c
index a303d379b1..2c16c9ad22 100644
--- a/libavcodec/motion_est.c
+++ b/libavcodec/motion_est.c
@@ -516,6 +516,7 @@ static inline void get_limits(MpegEncContext *s, int x, int y)
 {
 MotionEstContext * const c= &s->me;
 int range= c->avctx->me_range >> (1 + !!(c->flags&FLAG_QPEL));
+ int max_range = MAX_MV >> (1 + !!(c->flags&FLAG_QPEL));
 /*
 if(c->avctx->me_range) c->range= c->avctx->me_range >> 1;
 else c->range= 16;
@@ -537,6 +538,8 @@ static inline void get_limits(MpegEncContext *s, int x, int y)
 c->xmax = - x + s->mb_width *16 - 16;
 c->ymax = - y + s->mb_height*16 - 16;
 }
+ if(!range || range > max_range)
+ range = max_range;
 if(range){
 c->xmin = FFMAX(c->xmin,-range);
 c->xmax = FFMIN(c->xmax, range);
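Review bot: The shift `(1 + !!(c->flags&FLAG_QPEL))` is now written out twice in adjacent declarations in the first hunk, so the caller-supplied range and the MAX_MV cap stay in the same units only while both copies are edited together. Hoisting it into `const int shift = 1 + !!(c->flags&FLAG_QPEL);` and using `>> shift` for both keeps them in step. A short comment on `max_range`, for example `/* cap in the same units as range; the commit log ties out-of-array reads to ranges beyond MAX_MV */`, would record why the cap exists, since the arrays being protected are not visible in this hunk. get_limits begins above and ends below the hunk.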
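Review bot: The new guard `if(!range || range > max_range)` in the second hunk leaves a negative `range` unchanged, because such a value is neither zero nor above `max_range`; the following `FFMAX(c->xmin,-range)` / `FFMIN(c->xmax, range)` would then yield an inverted search window. Whether `me_range` can arrive negative depends on option validation that is not visible here, so folding it into the unset case is the cheap defence: `if(range <= 0 || range > max_range)`. After this change `range` is non-zero whenever `max_range` is, so the `if(range){` test that follows is presumably always taken and could be dropped or given a comment saying so. The function body continues past the end of the hunk.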