Mercurial > libavcodec.hg

diff dvdsubdec.c @ 10049:a1b42791b13d libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix cmd_pos bounds check to avoid the overflow case.
author reimar
date Sat, 15 Aug 2009 00:02:42 +0000
parents c78fd9154378
children e73c688ca84c
line wrap: on
line diff
--- a/dvdsubdec.c	Fri Aug 14 16:41:21 2009 +0000
+++ b/dvdsubdec.c	Sat Aug 15 00:02:42 2009 +0000
@@ -191,7 +191,7 @@
 
     cmd_pos = READ_OFFSET(buf + cmd_pos);
 
-    while ((cmd_pos + 2 + offset_size) < buf_size) {
+    while (cmd_pos > 0 && cmd_pos < buf_size - 2 - offset_size) {
         date = AV_RB16(buf + cmd_pos);
         next_cmd_pos = READ_OFFSET(buf + cmd_pos + 2);
         dprintf(NULL, "cmd_pos=0x%04x next=0x%04x date=%d\n",