Mercurial > libavcodec.hg

--- a/vp56.c	Thu Jan 28 23:19:33 2010 +0000
+++ b/vp56.c	Thu Jan 28 23:49:46 2010 +0000
@@ -504,8 +504,12 @@
     int is_alpha, av_uninit(alpha_offset);

     if (s->has_alpha) {
+        if (remaining_buf_size < 3)
+            return -1;
         alpha_offset = bytestream_get_be24(&buf);
         remaining_buf_size -= 3;
+        if (remaining_buf_size < alpha_offset)
+            return -1;
     }

     for (is_alpha=0; is_alpha < 1+s->has_alpha; is_alpha++) {