cinepak: Fix invalid read access on extra data

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
This commit is contained in:
Laurent Aimar 2011-09-11 19:17:43 +02:00 committed by Janne Grunau
parent c0cbe36b18
commit d239d4b447

View File

@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
* If the frame header is followed by the bytes FE 00 00 06 00 00 then
* this is probably one of the two known files that have 6 extra bytes
* after the frame header. Else, assume 2 extra bytes. */
if ((s->data[10] == 0xFE) &&
if (s->size >= 16 &&
(s->data[10] == 0xFE) &&
(s->data[11] == 0x00) &&
(s->data[12] == 0x00) &&
(s->data[13] == 0x06) &&