From 59417897bee880be334b0a891f333cb537b01337 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 28 May 2012 17:13:10 +0200
Subject: iff_ilbm: fix null ptr deref

Fixes Ticket1362

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 849d4b041351ef8d77c4231cf417f997e79f9ab7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/iff.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'libavcodec')

diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index 0a4a983955..8946bf9858 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -191,7 +191,13 @@ static int extract_header(AVCodecContext *const avctx,
     const uint8_t *buf;
     unsigned buf_size;
     IffContext *s = avctx->priv_data;
-    int palette_size = avctx->extradata_size - AV_RB16(avctx->extradata);
+    int palette_size;
+
+    if (avctx->extradata_size < 2) {
+        av_log(avctx, AV_LOG_ERROR, "not enough extradata\n");
+        return AVERROR_INVALIDDATA;
+    }
+    palette_size = avctx->extradata_size - AV_RB16(avctx->extradata);
 
     if (avpkt) {
         int image_size;
@@ -207,8 +213,6 @@ static int extract_header(AVCodecContext *const avctx,
             return AVERROR_INVALIDDATA;
         }
     } else {
-        if (avctx->extradata_size < 2)
-            return AVERROR_INVALIDDATA;
         buf = avctx->extradata;
         buf_size = bytestream_get_be16(&buf);
         if (buf_size <= 1 || palette_size < 0) {
-- 
cgit v1.2.3