# HG changeset patch
# User michael
# Date 1188954857 0
# Node ID 8ca682e4911df509006f813b4c754a63d0fe9b71
# Parent  9960732c7d7bcf67f4000de5fbac54f8c6f3ddf1
fix segfault with dracula.4xm
closes issue132

diff -r 9960732c7d7b -r 8ca682e4911d 4xm.c
--- a/4xm.c	Wed Sep 05 00:49:09 2007 +0000
+++ b/4xm.c	Wed Sep 05 01:14:17 2007 +0000
@@ -301,11 +301,17 @@
     const int index= size2index[log2h][log2w];
     const int h= 1<<log2h;
     int code= get_vlc2(&f->gb, block_type_vlc[1-f->version][index].table, BLOCK_TYPE_VLC_BITS, 1);
+    uint16_t *start= f->last_picture.data[0];
+    uint16_t *end= start + stride*(f->avctx->height-h+1) - (1<<log2w);
 
     assert(code>=0 && code<=6);
 
     if(code == 0){
         src += f->mv[ *f->bytestream++ ];
+        if(start > src || src > end){
+            av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
+            return;
+        }
         mcdc(dst, src, log2w, h, stride, 1, 0);
     }else if(code == 1){
         log2h--;
@@ -319,6 +325,10 @@
         mcdc(dst, src, log2w, h, stride, 1, 0);
     }else if(code == 4){
         src += f->mv[ *f->bytestream++ ];
+        if(start > src || src > end){
+            av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
+            return;
+        }
         mcdc(dst, src, log2w, h, stride, 1, le2me_16(*f->wordstream++));
     }else if(code == 5){
         mcdc(dst, src, log2w, h, stride, 0, le2me_16(*f->wordstream++));