[FFmpeg-cvslog] swfdec: check space before copy

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Nov 12 19:29:08 2012 +0100| [abe68364a3219f1a98c46bddea575e4cada147c7] | committer: Michael Niedermayer

swfdec: check space before copy

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=abe68364a3219f1a98c46bddea575e4cada147c7
---

 libavformat/swfdec.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
index b8c2e93..193df25 100644
--- a/libavformat/swfdec.c
+++ b/libavformat/swfdec.c
@@ -362,6 +362,11 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt)
             default:
                 av_assert0(0);
             }
+
+            if (linesize * height > pkt->size) {
+                res = AVERROR_INVALIDDATA;
+                goto bitmap_end;
+            }
             memcpy(pkt->data, buf + colormapsize*colormapbpp, linesize * height);
 
             res = pkt->size;