Fixed invalid read access on extra data in cinepak decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc255275f6)
This commit is contained in:
Laurent Aimar 2011-09-11 19:17:43 +02:00 committed by Michael Niedermayer
parent 8511c141e0
commit c9316b7c6d
1 changed files with 2 additions and 1 deletions

View File

@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
* If the frame header is followed by the bytes FE 00 00 06 00 00 then * If the frame header is followed by the bytes FE 00 00 06 00 00 then
* this is probably one of the two known files that have 6 extra bytes * this is probably one of the two known files that have 6 extra bytes
* after the frame header. Else, assume 2 extra bytes. */ * after the frame header. Else, assume 2 extra bytes. */
if ((s->data[10] == 0xFE) && if (s->size >= 16 &&
(s->data[10] == 0xFE) &&
(s->data[11] == 0x00) && (s->data[11] == 0x00) &&
(s->data[12] == 0x00) && (s->data[12] == 0x00) &&
(s->data[13] == 0x06) && (s->data[13] == 0x06) &&