From 4f478357ae21efd299735f678889a60ea8291d88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 20 Jan 2017 17:16:10 +0200
Subject: [PATCH] avidemux: Stop reading a ncdt sub-tag if it goes behind the
 surrounding tag

https://bugzilla.gnome.org/show_bug.cgi?id=777532
---
 gst/avi/gstavidemux.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gst/avi/gstavidemux.c b/gst/avi/gstavidemux.c
index d7afd1e710..3e21dbd5d8 100644
--- a/gst/avi/gstavidemux.c
+++ b/gst/avi/gstavidemux.c
@@ -3914,6 +3914,9 @@ gst_avi_demux_parse_ncdt (GstAviDemux * avi, GstBuffer * buf,
           ptr += 4;
           left -= 4;
 
+          if (sub_size > tsize)
+            break;
+
           GST_DEBUG_OBJECT (avi, "sub-tag %u, size %u", sub_tag, sub_size);
           /* http://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/Nikon.html#NCTG
            * for some reason the sub_tag has a +2 offset