diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c
index 2ae996a39d82a46782a8cf7594f2b9a59261316a..9d56e23fc72e1feab668c21d1f840edda361958d 100644
--- a/libavcodec/cabac.c
+++ b/libavcodec/cabac.c
@@ -93,6 +93,7 @@ void ff_init_cabac_encoder(CABACContext *c, uint8_t *buf, int buf_size){
 void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){
     c->bytestream_start= 
     c->bytestream= buf;
+    c->bytestream_end= buf + buf_size;
 
     c->low= *c->bytestream++;
     c->low= (c->low<<9) + ((*c->bytestream++)<<1);
diff --git a/libavcodec/cabac.h b/libavcodec/cabac.h
index 05c47363d2b7ae6228a7a072e55faacb31c7653c..21085b21e8a60c7c113b3a0e01e0d2ccd55745ea 100644
--- a/libavcodec/cabac.h
+++ b/libavcodec/cabac.h
@@ -39,6 +39,7 @@ typedef struct CABACContext{
     uint8_t mps_state[2*64];      ///< transIdxMPS
     const uint8_t *bytestream_start;
     const uint8_t *bytestream;
+    const uint8_t *bytestream_end;
     int bits_left;                ///<
     PutBitContext pb;
 }CABACContext;
@@ -253,7 +254,9 @@ static inline void renorm_cabac_decoder(CABACContext *c){
         c->range+= c->range;
         c->low+= c->low;
         if(--c->bits_left == 0){
-            c->low+= *c->bytestream++;
+            if(c->bytestream < c->bytestream_end)
+                c->low+= *c->bytestream;
+            c->bytestream++;
             c->bits_left= 8;
         }
     }
@@ -298,7 +301,9 @@ static inline int get_cabac_bypass(CABACContext *c){
     c->low += c->low;
 
     if(--c->bits_left == 0){
-        c->low+= *c->bytestream++;
+        if(c->bytestream < c->bytestream_end)
+            c->low+= *c->bytestream;
+        c->bytestream++;
         c->bits_left= 8;
     }
     
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index c573b7996b9591d19fc5d8493c416a0e8537f0a2..4d03945cd2e6aa6a305ce9f28a3b02799e1b9424 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -5117,7 +5117,7 @@ static int decode_slice(H264Context *h){
         ff_init_cabac_states( &h->cabac, ff_h264_lps_range, ff_h264_mps_state, ff_h264_lps_state, 64 );
         ff_init_cabac_decoder( &h->cabac,
                                s->gb.buffer + get_bits_count(&s->gb)/8,
-                               ( s->gb.size_in_bits - get_bits_count(&s->gb) ) );
+                               ( s->gb.size_in_bits - get_bits_count(&s->gb) + 7)/8);
         /* calculate pre-state */
         for( i= 0; i < 399; i++ ) {
             int pre;
@@ -5149,7 +5149,7 @@ static int decode_slice(H264Context *h){
                 s->mb_y--;
             }
 
-            if( ret < 0 ) {
+            if( ret < 0 || h->cabac.bytestream > h->cabac.bytestream_end + 1) {
                 av_log(h->s.avctx, AV_LOG_ERROR, "error while decoding MB %d %d\n", s->mb_x, s->mb_y);
                 ff_er_add_slice(s, s->resync_mb_x, s->resync_mb_y, s->mb_x, s->mb_y, (AC_ERROR|DC_ERROR|MV_ERROR)&part_mask);
                 return -1;