From dbc53ffc7c398f90ae1cf59e513d3882bc0dc188 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 31 May 2009 10:23:38 +0000 Subject: [PATCH] Change buffer size checks to avoid the undefined overflow case. Originally committed as revision 19047 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/lcldec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c index 4a5a2eb799..9ad731e56a 100644 --- a/libavcodec/lcldec.c +++ b/libavcodec/lcldec.c @@ -87,7 +87,7 @@ static unsigned int mszh_decomp(unsigned char * srcptr, int srclen, unsigned cha continue; } if ((mask & (1 << (--maskbit))) == 0) { - if (destptr + 4 > destptr_end) + if (destptr_end - destptr < 4) break; memcpy(destptr, srcptr, 4); srclen -= 4; @@ -101,7 +101,7 @@ static unsigned int mszh_decomp(unsigned char * srcptr, int srclen, unsigned cha ofs &= 0x7ff; srclen -= 2; cnt *= 4; - if (destptr + cnt > destptr_end) { + if (destptr_end - destptr < cnt) { cnt = destptr_end - destptr; } for (; cnt > 0; cnt--) {