From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Wed, 13 May 2015 16:30:53 +0800
Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603

Upstream-Status: Backport

Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c
and vmdvideo.c. Becuase source code changes, just partly backport commit which
is applicable to version 0.10.13 to fix CVE-2014-9603.

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
 gst-libs/ext/libav/libavcodec/vmdav.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/gst-libs/ext/libav/libavcodec/vmdav.c b/gst-libs/ext/libav/libavcodec/vmdav.c
index d258252..ba88ad8 100644
--- a/gst-libs/ext/libav/libavcodec/vmdav.c
+++ b/gst-libs/ext/libav/libavcodec/vmdav.c
@@ -294,10 +294,13 @@ static void vmd_decode(VmdVideoContext *s)
                     len = *pb++;
                     if (len & 0x80) {
                         len = (len & 0x7F) + 1;
-                        if (*pb++ == 0xFF)
+                        if (*pb++ == 0xFF) {
                             len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs);
-                        else
+                        } else {
+                            if (ofs + len > frame_width)
+                                return;
                             memcpy(&dp[ofs], pb, len);
+                        }
                         pb += len;
                         ofs += len;
                     } else {
-- 
1.9.1