From b399cbfba5d901608c18e1a2d48a24c30541a634 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@elivagar.org>
Date: Sat, 1 Oct 2011 00:43:05 +0200
Subject: [PATCH] Prevent block size from inreasing in the shorten decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/shorten.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index f46b21fc8e..ebc429036f 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -482,9 +482,15 @@ static int shorten_decode_frame(AVCodecContext *avctx,
             case FN_BITSHIFT:
                 s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE);
                 break;
-            case FN_BLOCKSIZE:
-                s->blocksize = get_uint(s, av_log2(s->blocksize));
+            case FN_BLOCKSIZE: {
+                int blocksize = get_uint(s, av_log2(s->blocksize));
+                if (blocksize > s->blocksize) {
+                    av_log(avctx, AV_LOG_ERROR, "Increasing block size is not supported\n");
+                    return AVERROR_PATCHWELCOME;
+                }
+                s->blocksize = blocksize;
                 break;
+            }
             case FN_QUIT:
                 *data_size = 0;
                 return buf_size;