From e6b225532933655d95266ce772b8a45b14aa27ec Mon Sep 17 00:00:00 2001
From: Justin Ruggles <justin.ruggles@gmail.com>
Date: Wed, 21 Sep 2011 11:42:55 -0400
Subject: [PATCH] smacker: check buffer size before reading output size (cherry
 picked from commit cf044f8bff0d28dbc34492f18b0d18b3ba8bad9d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/smacker.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index 30dbaa7dae..0c1aa16224 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -587,6 +587,11 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
     int bits, stereo;
     int pred[2] = {0, 0};
 
+    if (buf_size <= 4) {
+        av_log(avctx, AV_LOG_ERROR, "packet is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     unp_size = AV_RL32(buf);
 
     init_get_bits(&gb, buf + 4, (buf_size - 4) * 8);