[FFmpeg-cvslog] avcodec/dirac_parser: Fix potential overflows in pointer checks

Sat, 05 Dec 2015 17:28:02 -0800 

ffmpeg | branch: release/2.5 | Michael Niedermayer <mich...@niedermayer.cc> | 
Sat Dec  5 17:11:54 2015 +0100| [752a6591b2dbc0edcbf19eec8a5ff509e097fbc2] | 
committer: Michael Niedermayer

avcodec/dirac_parser: Fix potential overflows in pointer checks

Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
(cherry picked from commit 79798f7c57b098c78e0bbc6becd64b9888b013d1)

Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=752a6591b2dbc0edcbf19eec8a5ff509e097fbc2
---

 libavcodec/dirac_parser.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
index 83c35a2..12f1a60 100644
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@@ -100,10 +100,12 @@ typedef struct DiracParseUnit {
 static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
                              int offset)
 {
-    uint8_t *start = pc->buffer + offset;
-    uint8_t *end   = pc->buffer + pc->index;
-    if (start < pc->buffer || (start + 13 > end))
+    int8_t *start;
+
+    if (offset < 0 || pc->index - 13 < offset)
         return 0;
+
+    start = pc->buffer + offset;
     pu->pu_type = start[4];
 
     pu->next_pu_offset = AV_RB32(start + 5);

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

Reply via email to