From a5d46235f3f70f0b620f8e54649ece45ecc5b170 Mon Sep 17 00:00:00 2001
From: Laurent Aimar
Date: Sat, 1 Oct 2011 00:45:01 +0200
Subject: [PATCH] Check for out of bound reads in the Electronic Arts CMV decoder.

Signed-off-by: Michael Niedermayer
---
 libavcodec/eacmv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index 3ac9cdaecb..20ec0a2265 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -158,6 +158,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
 CmvContext *s = avctx->priv_data;
 const uint8_t *buf_end = buf + buf_size;
 
+ if (buf_end - buf < EA_PREAMBLE_SIZE)
+ return AVERROR_INVALIDDATA;
+
 if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
 cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
 return buf_size;
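Review bot: The added guard only proves that `EA_PREAMBLE_SIZE` bytes are present, so on the `MVIh_TAG` path `cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end)` can still be handed an empty or short range and must bounds-check every field against `buf_end` itself; that function is outside this hunk, so this should be confirmed there. The header path also returns `buf_size` whatever the parser found, so a truncated header appears to be reported as a successfully consumed packet. A short comment above the check would record the contract, e.g. `/* preamble (tag included) is read below; the payload is bounds-checked by the callee against buf_end */`. As a style point, `buf_end - buf` equals `buf_size` by the line above, so `if (buf_size < EA_PREAMBLE_SIZE)` states the same test more directly. `cmv_decode_frame` starts before and continues after the hunk.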