[FFmpeg-cvslog] avcodec/on2avc: Check run more carefully

[Michael Niedermayer]

ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Thu May 14 01:01:35 2015 +0200| [bdf67f3837837f2fca5a2ca31810e14a415b40b7] | committer: Michael Niedermayer

avcodec/on2avc: Check run more carefully

Fixes CID1239106

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 22f15f5735389e992ec9aed43b0680e75746b3a1)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bdf67f3837837f2fca5a2ca31810e14a415b40b7
---

 libavcodec/on2avc.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
index 2ad88d1..c864e14 100644
--- a/libavcodec/on2avc.c
+++ b/libavcodec/on2avc.c
@@ -119,12 +119,12 @@ static int on2avc_decode_band_types(On2AVCContext *c, GetBitContext *gb)
         run_len   = 1;
         do {
             run = get_bits(gb, bits_per_sect);
+            if (run > num_bands - band - run_len) {
+                av_log(c->avctx, AV_LOG_ERROR, "Invalid band type run\n");
+                return AVERROR_INVALIDDATA;
+            }
             run_len += run;
         } while (run == esc_val);
-        if (band + run_len > num_bands) {
-            av_log(c->avctx, AV_LOG_ERROR, "Invalid band type run\n");
-            return AVERROR_INVALIDDATA;
-        }
         for (i = band; i < band + run_len; i++) {
             c->band_type[i]    = band_type;
             c->band_run_end[i] = band + run_len;