From 114f82ee7e384ff80151fe6f4ed89d46c2f20419 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Tue, 3 Jul 2012 12:32:26 +0200
Subject: [PATCH] jvdec: check that the video_size fits in the packet.
Prevents use of out of array data and fate failure.
Found-by: durandal_1707
Signed-off-by: Michael Niedermayer
---
 libavcodec/jvdec.c | 2 +-
 tests/ref/fate/jv | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index 4031fadf15..728b749896 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -143,7 +143,7 @@ static int decode_frame(AVCodecContext *avctx,
 buf += 5;
 if (video_size) {
- if(video_size < 0) {
+ if(video_size < 0 || video_size > buf_size) {
 av_log(avctx, AV_LOG_ERROR, "video size %d invalid\n", video_size);
 return AVERROR_INVALIDDATA;
 }
diff --git a/tests/ref/fate/jv b/tests/ref/fate/jv
index 88b345c85b..b0a6008d93 100644
--- a/tests/ref/fate/jv
+++ b/tests/ref/fate/jv
@@ -6,4 +6,3 @@
 0, 5, 5, 1, 192000, 0xb8e331eb
 0, 6, 6, 1, 192000, 0xd35b2053
 0, 7, 7, 1, 192000, 0x01062188
-0, 8, 8, 1, 192000, 0xa3a73b87
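Review bot: The added bound `video_size > buf_size` in the libavcodec/jvdec.c hunk is evaluated after `buf += 5;`, so if buf_size still holds the full packet length at that point (its assignment is outside the hunk), a video_size in the last five values up to buf_size passes the check while fewer bytes than that remain behind buf. Comparing against the remaining length would close that gap, for example `if(video_size < 0 || video_size > buf_size - 5) {`. decode_frame starts and ends outside the hunk, so it is not visible here whether the packet is confirmed to hold the 5-byte header before it is read, or whether buf_size is adjusted elsewhere; both are worth confirming alongside this check.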