avcodec/dirac_parser: Fix potential overflows in pointer checks
authorMichael Niedermayer <michael@niedermayer.cc>
Sat, 5 Dec 2015 16:11:54 +0000 (17:11 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Mon, 14 Dec 2015 15:51:01 +0000 (16:51 +0100)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79798f7c57b098c78e0bbc6becd64b9888b013d1)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/dirac_parser.c

index 83c35a2..12f1a60 100644 (file)
@@ -100,10 +100,12 @@ typedef struct DiracParseUnit {
 static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
                              int offset)
 {
-    uint8_t *start = pc->buffer + offset;
-    uint8_t *end   = pc->buffer + pc->index;
-    if (start < pc->buffer || (start + 13 > end))
+    int8_t *start;
+
+    if (offset < 0 || pc->index - 13 < offset)
         return 0;
+
+    start = pc->buffer + offset;
     pu->pu_type = start[4];
 
     pu->next_pu_offset = AV_RB32(start + 5);