Check if there is enough bytes before reading the buffer in the EA ADPCM

decoder. Fix issue 990.

Originally committed as revision 18707 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index d923fbe..8184378 100644 (file)
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -1209,11 +1209,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
         }
         break;
     case CODEC_ID_ADPCM_EA:
-        samples_in_chunk = AV_RL32(src);
-        if (samples_in_chunk >= ((buf_size - 12) * 2)) {
+        if (buf_size < 4 || AV_RL32(src) >= ((buf_size - 12) * 2)) {
             src += buf_size;
             break;
         }
+        samples_in_chunk = AV_RL32(src);
         src += 4;
         current_left_sample   = (int16_t)bytestream_get_le16(&src);
         previous_left_sample  = (int16_t)bytestream_get_le16(&src);