From 97c281d5b7d1c4850a8ba7d9921137634224b2f3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sat, 2 Jun 2012 02:21:30 +0200
Subject: [PATCH] ffv1: fix crash caused by version becoming inconsistent
Fixes part of Ticket1372
Found-by: Piotr Bandurski
Signed-off-by: Michael Niedermayer
---
 libavcodec/ffv1.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index bffd744937..79409e2a16 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -1769,7 +1769,12 @@ static int read_header(FFV1Context *f){
 memset(state, 128, sizeof(state));
 if(f->version < 2){
- f->version= get_symbol(c, state, 0);
+ unsigned v= get_symbol(c, state, 0);
+ if(v >= 2){
+ av_log(f->avctx, AV_LOG_ERROR, "invalid version %d in ver01 header\n", v);
+ return AVERROR_INVALIDDATA;
+ }
+ f->version = v;
 f->ac= f->avctx->coder_type= get_symbol(c, state, 0);
 if(f->ac>1){
 for(i=1; i<256; i++){
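Review bot: The added av_log call formats `v` with `%d` although `v` is declared `unsigned`, so a rejected value above INT_MAX would typically be logged as a negative number; `"invalid version %u in ver01 header\n"` matches the type. Reading the symbol into an unsigned local before the `v >= 2` test does mean a negative return from get_symbol() is also rejected rather than stored, which deserves a short comment such as `/* a ver01 header must not change the stream version; unsigned also rejects negative symbols */`. The context line right after the check still stores get_symbol() output directly into `f->ac` and `f->avctx->coder_type` with no range check; if out-of-range coder types can reach later code (not visible here), the same validate-then-store pattern should be used there. read_header starts and continues outside this hunk, so the handling of the remaining header fields cannot be judged from it.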