Check if there is enough bytes before reading the buffer in the EA ADPCM

decoder. Fix issue 990. Originally committed as revision 18707 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-04-27 16:06:01 +00:00 · 2009-04-27 16:06:01 +00:00 · 6cf92f6d26
commit 6cf92f6d26
parent 8a06cb14f9
1 changed files with 2 additions and 2 deletions
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@ -1209,11 +1209,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
        }
        break;
    case CODEC_ID_ADPCM_EA:
-        samples_in_chunk = AV_RL32(src);
-        if (samples_in_chunk >= ((buf_size - 12) * 2)) {
+        if (buf_size < 4 || AV_RL32(src) >= ((buf_size - 12) * 2)) {
            src += buf_size;
            break;
        }
+        samples_in_chunk = AV_RL32(src);
        src += 4;
        current_left_sample   = (int16_t)bytestream_get_le16(&src);
        previous_left_sample  = (int16_t)bytestream_get_le16(&src);