Check if there is enough bytes before reading the buffer in the EA ADPCM

decoder. Fix issue 990.

git-svn-id: file:///var/local/repositories/ffmpeg/trunk@18707 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index d923fbe3a09bde93cda8e1309dd805e7a2ea5f7a..8184378a16570ec21382ef520975c168a0c148d5 100644 (file)
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -1209,11 +1209,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
         }
         break;
     case CODEC_ID_ADPCM_EA:
-        samples_in_chunk = AV_RL32(src);
-        if (samples_in_chunk >= ((buf_size - 12) * 2)) {
+        if (buf_size < 4 || AV_RL32(src) >= ((buf_size - 12) * 2)) {
             src += buf_size;
             break;
         }
+        samples_in_chunk = AV_RL32(src);
         src += 4;
         current_left_sample   = (int16_t)bytestream_get_le16(&src);
         previous_left_sample  = (int16_t)bytestream_get_le16(&src);