From c40296d1ad328ba9ac05feb95eaebb4c39cc0134 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 16 Dec 2011 06:13:04 +0100
Subject: [PATCH] avidec: Check that the header chunks fit in the available
 filesize. Fixes Ticket771 Bug found by: Diana Elena Muscalu

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 62adc60b97d854507d07a21b2f370ab5c69e6b7b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/avidec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 9c4dff63e7..1a73161add 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -387,6 +387,11 @@ static int avi_read_header(AVFormatContext *s, AVFormatParameters *ap)
         tag = avio_rl32(pb);
         size = avio_rl32(pb);
 
+        if(size > avi->fsize){
+            av_log(s, AV_LOG_ERROR, "chunk size is too big during header parsing\n");
+            goto fail;
+        }
+
         print_tag("tag", tag, size);
 
         switch(tag) {