From 6cf92f6d26e08bbb11f89d8422712d3f1f48faef Mon Sep 17 00:00:00 2001
From: Vitor Sessak <vitor1001@gmail.com>
Date: Mon, 27 Apr 2009 16:06:01 +0000
Subject: [PATCH] Check if there is enough bytes before reading the buffer in
 the EA ADPCM decoder. Fix issue 990.

Originally committed as revision 18707 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/adpcm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index d923fbe3a09..8184378a165 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -1209,11 +1209,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
         }
         break;
     case CODEC_ID_ADPCM_EA:
-        samples_in_chunk = AV_RL32(src);
-        if (samples_in_chunk >= ((buf_size - 12) * 2)) {
+        if (buf_size < 4 || AV_RL32(src) >= ((buf_size - 12) * 2)) {
             src += buf_size;
             break;
         }
+        samples_in_chunk = AV_RL32(src);
         src += 4;
         current_left_sample   = (int16_t)bytestream_get_le16(&src);
         previous_left_sample  = (int16_t)bytestream_get_le16(&src);
-- 
GitLab