From d75c80e9427eef962b1de8ce3dd0246dd2ec5c05 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Fri, 30 Sep 2011 23:42:32 +0000
Subject: [PATCH] eacmv: check for out of bound reads

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 46cb2f6a2928a7fa4bee3f09b0475ccb8cdd2064)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
---
 libavcodec/eacmv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index d848208ec8..2b9e6803e2 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -153,6 +153,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
     CmvContext *s = avctx->priv_data;
     const uint8_t *buf_end = buf + buf_size;
 
+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
     if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
         cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
         return buf_size;