From 465c28b6b43be2563e0b644ec22cf641fe374d8d Mon Sep 17 00:00:00 2001
From: David Conrad
Date: Tue, 18 May 2010 21:21:32 +0000
Subject: [PATCH] matroskadec: Fix buffer overread in matroska_ebmlnum_uint

Based on a Chromium patch

Originally committed as revision 23168 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/matroskadec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 4d18d99e15..9126717df2 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -679,7 +679,7 @@ static int matroska_ebmlnum_uint(MatroskaDemuxContext *matroska,
 {
 ByteIOContext pb;
 init_put_byte(&pb, data, size, 0, NULL, NULL, NULL, NULL);
- return ebml_read_num(matroska, &pb, 8, num);
+ return ebml_read_num(matroska, &pb, FFMIN(size, 8), num);
 }
 
 /*
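Review bot: The new `FFMIN(size, 8)` argument carries the whole overread fix, yet nothing in matroska_ebmlnum_uint says why the bound is there. A one-line comment above the return, for example `/* an EBML number is at most 8 bytes; never let the parser look past the caller's buffer */`, would keep a later cleanup from restoring the bare `8`. The clamp also limits only the upper side: `size` is declared on the signature line outside this hunk, so it is worth confirming that it is unsigned. It is also worth confirming that a `size` of 0 makes ebml_read_num (not shown here) return an error instead of consuming a first byte. Callers presumably need to treat a negative return as a truncated number and not use `*num`.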