From b5fc95e77f9e154978d914548b86a8bc9fd1d0f2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 9 Feb 2013 18:40:12 +0100
Subject: [PATCH] motionpixels: Check that the vlc table has been fully inited

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/motionpixels.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index f69cd569e2..4fa45e9c5d 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -137,6 +137,10 @@ static int mp_read_codes_table(MotionPixelsContext *mp, GetBitContext *gb)
         mp->current_codes_count = 0;
         if ((ret = mp_get_code(mp, gb, 0, 0)) < 0)
             return ret;
+        if (mp->current_codes_count < mp->codes_count) {
+            av_log(mp->avctx, AV_LOG_ERROR, "too few codes\n");
+            return AVERROR_INVALIDDATA;
+        }
    }
    return 0;
 }