From 03a9c9932dbceff4d42d82b9c4fccf860093f0e9 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 19 Dec 2011 16:27:52 +0100
Subject: eamad: fix excessive memory allocation. Fixes Ticket792 Bug found by
 Oana Stratulat

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/eamad.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libavcodec/eamad.c')

diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c
index 1f6282394e..cc6f9d38ef 100644
--- a/libavcodec/eamad.c
+++ b/libavcodec/eamad.c
@@ -268,6 +268,8 @@ static int decode_frame(AVCodecContext *avctx,
     buf += 16;
 
     if (avctx->width != s->width || avctx->height != s->height) {
+        if((s->width * s->height)/2048*7 > buf_end-buf)
+            return -1;
         if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
             return -1;
         avcodec_set_dimensions(avctx, s->width, s->height);
-- 
cgit v1.2.1