From 3c4c5ca1c194464f51de87534d15602f99bf9759 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 14 Jun 2013 21:13:47 +0200
Subject: [PATCH] avcodec/g2meet: Check monochrome cursor width

Fixes out of array write

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/g2meet.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index 2aa9b2b589..09ed7ce7c4 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -514,6 +514,11 @@ static int g2m_load_cursor(AVCodecContext *avctx, G2MContext *c,
         return AVERROR_PATCHWELCOME;
     }
 
+    if (cursor_fmt == 1 && cursor_w % 32) {
+        avpriv_report_missing_feature(avctx, "odd monochrome cursor width %d", cursor_w);
+        return AVERROR_PATCHWELCOME;
+    }
+
     tmp = av_realloc(c->cursor, cursor_stride * cursor_h);
     if (!tmp) {
         av_log(avctx, AV_LOG_ERROR, "Cannot allocate cursor buffer\n");