From 0398b7cbd39abb049775d558ccc4ccf6dc01e92c Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 22 Nov 2013 16:54:01 +0100
Subject: [PATCH] avcodec/hnm4video: check intraframe size

Fixes hypothetical integer overflow with HNM4_CHUNK_ID_IZ

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/hnm4video.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/hnm4video.c b/libavcodec/hnm4video.c
index d2c4ce3a4ce..b6ab60e2ae0 100644
--- a/libavcodec/hnm4video.c
+++ b/libavcodec/hnm4video.c
@@ -373,6 +373,10 @@ static int hnm_decode_frame(AVCodecContext *avctx, void *data,
         hnm_update_palette(avctx, avpkt->data, avpkt->size);
         frame->palette_has_changed = 1;
     } else if (chunk_id == HNM4_CHUNK_ID_IZ) {
+        if (avpkt->size < 12) {
+            av_log(avctx, AV_LOG_ERROR, "packet too small\n");
+            return AVERROR_INVALIDDATA;
+        }
         unpack_intraframe(avctx, avpkt->data + 12, avpkt->size - 12);
         memcpy(hnm->previous, hnm->current, hnm->width * hnm->height);
         if (hnm->version == 0x4a)
-- 
GitLab