From 7e2ef1b9e148e75a8d552f15805878f6a344e36e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <Reimar.Doeffinger@gmx.de>
Date: Wed, 27 Jan 2010 20:04:19 +0000
Subject: [PATCH] Fix possible crashes in mlp parser, it tries to go back 7
 bytes after finding the 4-byte signature. Add a check that ignores the
 signature if we do not have enough previous data to go back at least 7 bytes.

Originally committed as revision 21487 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/mlp_parser.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c
index 42295cc352..65f5dc5178 100644
--- a/libavcodec/mlp_parser.c
+++ b/libavcodec/mlp_parser.c
@@ -176,7 +176,9 @@ static int mlp_parse(AVCodecParserContext *s,
 
         for (i = 0; i < buf_size; i++) {
             mp->pc.state = (mp->pc.state << 8) | buf[i];
-            if ((mp->pc.state & 0xfffffffe) == 0xf8726fba) {
+            if ((mp->pc.state & 0xfffffffe) == 0xf8726fba &&
+                // ignore if we do not have the data for the start of header
+                mp->pc.index + i >= 7) {
                 mp->in_sync = 1;
                 mp->bytes_left = 0;
                 break;