From b962932cba61f06c8da3e7f70e519dec1c1dd88a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sun, 15 Apr 2012 15:29:50 +0200
Subject: [PATCH] eatgv: check vector_bits

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/eatgv.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/eatgv.c b/libavcodec/eatgv.c
index 65a3ad0ed1..01d0489c4c 100644
--- a/libavcodec/eatgv.c
+++ b/libavcodec/eatgv.c
@@ -157,6 +157,11 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b
     vector_bits       = AV_RL16(&buf[6]);
     buf += 12;
 
+    if (vector_bits > MIN_CACHE_BITS || !vector_bits) {
+        av_log(s->avctx, AV_LOG_ERROR, "vector_bits %d invalid\n", vector_bits);
+        return AVERROR_INVALIDDATA;
+    }
+
     /* allocate codebook buffers as necessary */
     if (num_mvs > s->num_mvs) {
         s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int));