return error if frame_offset is negative, prevent segfault
authorBaptiste Coudurier <baptiste.coudurier@gmail.com>
Mon, 26 May 2008 03:53:48 +0000 (03:53 +0000)
committerBaptiste Coudurier <baptiste.coudurier@gmail.com>
Mon, 26 May 2008 03:53:48 +0000 (03:53 +0000)
Originally committed as revision 13420 to svn://svn.ffmpeg.org/ffmpeg/trunk

libavformat/ffmdec.c

index 84bd5e9fbadf590a087d5657870c09d083b2aa4e..2b9fbd4ba2a0d64f76d95d2bad51e884ad573446 100644 (file)
@@ -104,7 +104,7 @@ static int ffm_read_data(AVFormatContext *s,
             frame_offset = get_be16(pb);
             get_buffer(pb, ffm->packet, ffm->packet_size - FFM_HEADER_SIZE);
             ffm->packet_end = ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - fill_size);
-            if (ffm->packet_end < ffm->packet)
+            if (ffm->packet_end < ffm->packet || frame_offset < 0)
                 return -1;
             /* if first packet or resynchronization packet, we must
                handle it specifically */