# HG changeset patch
# User michael
# Date 1178465104 0
# Node ID 655d25351bfc9bbfa7c8f72a94d6ddd7d963cd49
# Parent 67975429cb40bfdc8215eae714d87d485da907ac
fix possibly exploitable stack overflow with num_sprite_warping_points (found by reimar)
diff -r 67975429cb40 -r 655d25351bfc h263.c
--- a/h263.c Sun May 06 11:40:42 2007 +0000
+++ b/h263.c Sun May 06 15:25:04 2007 +0000
@@ -5665,6 +5665,11 @@
 skip_bits1(gb); /* marker */
 }
 s->num_sprite_warping_points= get_bits(gb, 6);
+ if(s->num_sprite_warping_points > 3){
+ av_log(s->avctx, AV_LOG_ERROR, "%d sprite_warping_points\n", s->num_sprite_warping_points);
+ s->num_sprite_warping_points= 0;
+ return -1;
+ }
 s->sprite_warping_accuracy = get_bits(gb, 2);
 s->sprite_brightness_change= get_bits1(gb);
 if(s->vol_sprite_usage==STATIC_SPRITE)
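Review bot: The bound in `if(s->num_sprite_warping_points > 3)` is a bare literal with nothing tying it to the storage it protects, so a later change to that storage could silently make the check too loose again. The field is read with `get_bits(gb, 6)` and can therefore arrive as anything up to 63 from the bitstream; the commit message says the overflow is on the stack, but the buffer itself is not visible in this hunk. I would add a comment above the check such as `/* untrusted 6-bit field; later sprite code indexes fixed-size per-point arrays by it, so reject values they cannot hold */`, and, if the limit really is an array dimension, derive it from that array or a named constant rather than repeating `3`. The enclosing function starts and ends outside the hunk, so I cannot confirm from here that this is the only place the field is written.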