[FFmpeg-cvslog] avformat/swfdec: Move packet size check before side data allocation

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Fri Aug 19 03:04:57 2016 +0200| [2a3720bc22d92d236ce62112edf80103e33ece1b] | committer: Michael Niedermayer

avformat/swfdec: Move packet size check before side data allocation

Fixes memleak
Fixes: 9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_7ffff6ae7c37_8927_f14c2a6ae1ad0bbde2c94f1da50e7074.swf

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2a3720bc22d92d236ce62112edf80103e33ece1b
---

 libavformat/swfdec.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
index fa2435e..2d8e3b0 100644
--- a/libavformat/swfdec.c
+++ b/libavformat/swfdec.c
@@ -395,6 +395,11 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt)
             pkt->pos = pos;
             pkt->stream_index = st->index;
 
+            if (linesize * height > pkt->size) {
+                res = AVERROR_INVALIDDATA;
+                goto bitmap_end;
+            }
+
             switch (bmp_fmt) {
             case 3:
                 pix_fmt = AV_PIX_FMT_PAL8;
@@ -422,10 +427,6 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt)
             } else
                 st->codecpar->format = pix_fmt;
 
-            if (linesize * height > pkt->size) {
-                res = AVERROR_INVALIDDATA;
-                goto bitmap_end;
-            }
             memcpy(pkt->data, buf + colormapsize*colormapbpp, linesize * height);
 
             res = pkt->size;