From 008c1debb93623fcaf03f7ab0875c2c298f623af Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 15 May 2015 16:48:31 +0200
Subject: [PATCH] avcodec/shorten: Check skip_bytes()

Fixes CID1210526

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d201becfc0d89c6a5dfe44e96f1044fbc2aadb70)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/shorten.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 804efe3580..c7909f2d17 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -369,6 +369,11 @@ static int read_header(ShortenContext *s)
         s->nmean = get_uint(s, 0);
 
         skip_bytes = get_uint(s, NSKIPSIZE);
+        if ((unsigned)skip_bytes > get_bits_left(&s->gb)/8) {
+            av_log(s->avctx, AV_LOG_ERROR, "invalid skip_bytes: %d\n", skip_bytes);
+            return AVERROR_INVALIDDATA;
+        }
+
         for (i = 0; i < skip_bytes; i++)
             skip_bits(&s->gb, 8);
     }