[FFmpeg-cvslog] avidec: Make sure a packet is large enough before reading its data

[Martin Storsjö]

ffmpeg | branch: release/1.1 | Martin Storsjö <martin at martin.st> | Sat Sep 28 00:41:31 2013 +0300| [2e4c649b3e62fdd158b5a9a0f973d3b186a23e94] | committer: Luca Barbato

avidec: Make sure a packet is large enough before reading its data

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 8d07258bb6063d0780ce2d39443d6dc6d8eedc5a)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>

Conflicts:
	libavformat/avidec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e4c649b3e62fdd158b5a9a0f973d3b186a23e94
---

 libavformat/avidec.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index ee341c2..e17d932 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -752,8 +752,10 @@ static int avi_read_header(AVFormatContext *s)
     return 0;
 }
 
-static int read_gab2_sub(AVStream *st, AVPacket *pkt) {
-    if (!strcmp(pkt->data, "GAB2") && AV_RL16(pkt->data+5) == 2) {
+static int read_gab2_sub(AVStream *st, AVPacket *pkt)
+{
+    if (pkt->size >= 7 &&
+        !strcmp(pkt->data, "GAB2") && AV_RL16(pkt->data + 5) == 2) {
         uint8_t desc[256];
         int score = AVPROBE_SCORE_MAX / 2, ret;
         AVIStream *ast = st->priv_data;