cinepak: Fix invalid read access on extra data

Signed-off-by: N Janne Grunau <janne-libav@jannau.net>

cinepak: Fix invalid read access on extra data
Signed-off-by: N Janne Grunau <janne-libav@jannau.net>
d239d4b4 · Laurent Aimar · Janne Grunau · c0cbe36b · d239d4b4
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

libavcodec/cinepak.c libavcodec/cinepak.c +2 -1

未找到文件。
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
             * If the frame header is followed by the bytes FE 00 00 06 00 00 then
             * this is probably one of the two known files that have 6 extra bytes
             * after the frame header. Else, assume 2 extra bytes. */
-            if ((s->data[10] == 0xFE) &&
+            if (s->size >= 16 &&
+                (s->data[10] == 0xFE) &&
                (s->data[11] == 0x00) &&
                (s->data[12] == 0x00) &&
                (s->data[13] == 0x06) &&