Revision b8fb21e9

View differences:

libavcodec/flashsv.c
113 113
    /* no supplementary picture */
114 114
    if (buf_size == 0)
115 115
        return 0;
116
    if (buf_size < 4)
117
        return -1;
116 118

  
117 119
    init_get_bits(&gb, buf, buf_size * 8);
118 120

  
......
181 183

  
182 184
            /* get the size of the compressed zlib chunk */
183 185
            int size = get_bits(&gb, 16);
186
            if (8 * size > get_bits_left(&gb)) {
187
                avctx->release_buffer(avctx, &s->frame);
188
                s->frame.data[0] = NULL;
189
                return -1;
190
            }
184 191

  
185 192
            if (size == 0) {
186 193
                /* no change, don't do anything */

Also available in: Unified diff