Description: fix denial of service and possible code execution via crafted VC1 file Origin: upstream, http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cf69619141a5742c4e4156177335d553c5bab7b6 Bug: https://roundup.ffmpeg.org/issue2584 Bug: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/690169 diff -Nur ffmpeg-0.6/libavcodec/vc1dec.c ffmpeg-0.6.new/libavcodec/vc1dec.c --- ffmpeg-0.6/libavcodec/vc1dec.c 2010-04-20 10:45:34.000000000 -0400 +++ ffmpeg-0.6.new/libavcodec/vc1dec.c 2011-03-31 10:37:57.082468364 -0400 @@ -1365,7 +1365,7 @@ if (index != vc1_ac_sizes[codingset] - 1) { run = vc1_index_decode_table[codingset][index][0]; level = vc1_index_decode_table[codingset][index][1]; - lst = index >= vc1_last_decode_table[codingset]; + lst = index >= vc1_last_decode_table[codingset] || get_bits_left(gb) < 0; if(get_bits1(gb)) level = -level; } else {