From 5497fa83f915b7194d409ce073f90f2ad36d21ce Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 29 Nov 2016 02:58:34 +0100
Subject: [PATCH] avformat/idroqdec: Check chunk_size for being too large

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 744a0b5206634e5de04d5c31f08cc3640faf800d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/idroqdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/idroqdec.c b/libavformat/idroqdec.c
index 76bb3924b1..d733953a04 100644
--- a/libavformat/idroqdec.c
+++ b/libavformat/idroqdec.c
@@ -157,6 +157,9 @@ static int roq_read_packet(AVFormatContext *s,
             chunk_size = AV_RL32(&preamble[2]) + RoQ_CHUNK_PREAMBLE_SIZE * 2 +
                 codebook_size;
 
+            if (chunk_size > INT_MAX)
+                return AVERROR_INVALIDDATA;
+
             /* rewind */
             avio_seek(pb, codebook_offset, SEEK_SET);