From 42f516b5d356a1fe9945dfe770a4f62ce62f3080 Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Wed, 28 Jun 2017 16:59:59 +0200
Subject: [PATCH] avcodec/interplayvideo: check that video_size is >0

Fixes #6498.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
---
 libavcodec/interplayvideo.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c
index 2ac2f991a6..04cc91a060 100644
--- a/libavcodec/interplayvideo.c
+++ b/libavcodec/interplayvideo.c
@@ -1233,6 +1233,8 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
             s->decoding_map_size = ((s->avctx->width / 8) * (s->avctx->height / 8)) * 2;
             s->decoding_map = buf + 8 + 14; /* 14 bits of op data */
             video_data_size -= s->decoding_map_size + 14;
+            if (video_data_size <= 0)
+                return AVERROR_INVALIDDATA;
 
             if (buf_size < 8 + s->decoding_map_size + 14 + video_data_size)
                 return AVERROR_INVALIDDATA;