From afb2bac48d0d044718c2da3d34a97bee244be2e3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 15 Dec 2011 04:24:38 +0100
Subject: [PATCH] flicvideo: fix overread. Bug Found by: Diana Elena Muscalu

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/flicvideo.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index 9111d17d82b..28009cddbac 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -319,12 +319,14 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                 pixel_ptr = y_ptr;
                 CHECK_PIXEL_PTR(0);
                 pixel_countdown = s->avctx->width;
-                line_packets = buf[stream_ptr++];
-                if (stream_ptr + 2 * line_packets > stream_ptr_after_chunk)
+                if (stream_ptr + 1 > stream_ptr_after_chunk)
                     break;
+                line_packets = buf[stream_ptr++];
                 if (line_packets > 0) {
                     for (i = 0; i < line_packets; i++) {
                         /* account for the skip bytes */
+                        if (stream_ptr + 2 > stream_ptr_after_chunk)
+                            break;
                         pixel_skip = buf[stream_ptr++];
                         pixel_ptr += pixel_skip;
                         pixel_countdown -= pixel_skip;
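Review bot: The added per-packet guard `if (stream_ptr + 2 > stream_ptr_after_chunk)` bounds only the two fixed bytes at the start of each packet: the skip byte read on the next line and, presumably, a count byte read just past the hunk. The rest of the packet loop lies outside the hunk, so it cannot be confirmed from here, but any variable-length run it then reads from `buf` needs its own comparison against `stream_ptr_after_chunk` before the read. This `break` also leaves only the `for` over `line_packets`, while the earlier `break` after `stream_ptr + 1 > stream_ptr_after_chunk` leaves the enclosing loop, so a truncated chunk takes two different exits and neither is reported. I would extend the existing comment to state the intent, e.g. `/* each packet needs a skip byte and a count byte */`, and have the decoder log the truncation once so malformed input is visible to whoever triages it.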
-- 
GitLab