From e1631f8ebe9a8f2a9cca85d60160b9be94eb63f3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Wed, 14 Nov 2012 03:03:04 +0100
Subject: [PATCH] aasc: check before reading the first 4 byte, fix overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/aasc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/aasc.c b/libavcodec/aasc.c
index a759e0d3369..6c9fd4e4286 100644
--- a/libavcodec/aasc.c
+++ b/libavcodec/aasc.c
@@ -83,6 +83,11 @@ static int aasc_decode_frame(AVCodecContext *avctx,
     AascContext *s = avctx->priv_data;
     int compr, i, stride, psize;
 
+    if (buf_size < 4) {
+        av_log(avctx, AV_LOG_ERROR, "frame too short\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     s->frame.reference = 3;
     s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
     if (avctx->reget_buffer(avctx, &s->frame)) {
-- 
GitLab