[FFmpeg-cvslog] rpza: Fix a buffer size check

[Martin Storsjö]

ffmpeg | branch: release/0.10 | Martin Storsjö <martin at martin.st> | Sun Sep 29 01:24:20 2013 +0300| [cb4a101fbe2729f77d636c264b11789d251bfe84] | committer: Luca Barbato

rpza: Fix a buffer size check

We read 2 bytes for 15 out of 16 pixels, therefore we need to
have at least 30 bytes, not 16.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 7ba0cedbfeff5671b264d1d7e90777057b5714c6)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
(cherry picked from commit f06e39fe6b272a11782c023c31eec43bfce3138d)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb4a101fbe2729f77d636c264b11789d251bfe84
---

 libavcodec/rpza.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c
index 59c3a7b..c0cea86 100644
--- a/libavcodec/rpza.c
+++ b/libavcodec/rpza.c
@@ -202,7 +202,7 @@ static void rpza_decode_stream(RpzaContext *s)
 
         /* Fill block with 16 colors */
         case 0x00:
-            if (s->size - stream_ptr < 16)
+            if (s->size - stream_ptr < 30)
                 return;
             block_ptr = row_ptr + pixel_ptr;
             for (pixel_y = 0; pixel_y < 4; pixel_y++) {