From ed782bebf508d4a27e1beaa040035bf84376f359 Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Wed, 28 Jun 2017 17:14:30 +0200
Subject: [PATCH] avcodec/interplayvideo: fix dead-lock

Fixes #6499.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
---
 libavcodec/interplayvideo.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c
index 1a1aa96ac7..8ccd20019f 100644
--- a/libavcodec/interplayvideo.c
+++ b/libavcodec/interplayvideo.c
@@ -1044,7 +1044,7 @@ static void ipvideo_decode_format_10_opcodes(IpvideoContext *s, AVFrame *frame)
             for (x = 0; x < s->avctx->width; x += 8) {
                 s->pixel_ptr = s->cur_decode_frame->data[0] + x + y * s->cur_decode_frame->linesize[0];
 
-                while (skip <= 0)  {
+                while (skip <= 0 && bytestream2_get_bytes_left(&decoding_map_ptr) > 1)  {
                     if (skip != -0x8000 && skip) {
                         opcode = bytestream2_get_le16(&decoding_map_ptr);
                         ipvideo_format_10_passes[pass](s, frame, opcode);
@@ -1069,6 +1069,8 @@ static void ipvideo_decode_format_10_opcodes(IpvideoContext *s, AVFrame *frame)
                     changed_block = 1;
                     break;
                 }
+                if (bytestream2_get_bytes_left(&skip_map_ptr) < 2)
+                    return AVERROR_INVALIDDATA;
                 skip = bytestream2_get_le16(&skip_map_ptr);
             }