# HG changeset patch
# User aurel
# Date 1264722586 0
# Node ID 170c9ce34d14ba0181bcff35a7526049ad23aaef
# Parent  e26ea20d293a08bc6d373469eb1dd3555626def9
vp56: check buffer size to fix a potential segfault
patch by Laurent Aimar  fenrir _at_ videolan _dot_ org

diff -r e26ea20d293a -r 170c9ce34d14 vp56.c
--- a/vp56.c	Thu Jan 28 23:19:33 2010 +0000
+++ b/vp56.c	Thu Jan 28 23:49:46 2010 +0000
@@ -504,8 +504,12 @@
     int is_alpha, av_uninit(alpha_offset);
 
     if (s->has_alpha) {
+        if (remaining_buf_size < 3)
+            return -1;
         alpha_offset = bytestream_get_be24(&buf);
         remaining_buf_size -= 3;
+        if (remaining_buf_size < alpha_offset)
+            return -1;
     }
 
     for (is_alpha=0; is_alpha < 1+s->has_alpha; is_alpha++) {