From c433823750bf096187e70c22822431a7c0bb4202 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 12 Nov 2012 14:56:07 +0100
Subject: [PATCH] 4xmdec: test version for cfrms, fix out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/4xm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index bbf6d902c0..bd70692273 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -811,6 +811,11 @@ static int decode_frame(AVCodecContext *avctx, void *data,
             return AVERROR_INVALIDDATA;
         }
 
+        if (f->version <= 1) {
+            av_log(f->avctx, AV_LOG_ERROR, "cfrm in version %d\n", f->version);
+            return AVERROR_INVALIDDATA;
+        }
+
         for (i = 0; i < CFRAME_BUFFER_COUNT; i++)
             if (f->cfrm[i].id && f->cfrm[i].id < avctx->frame_number)
                 av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n",