rtpenc: fix overflow checking in avc_mp4_find_startcode()

The check `start + res < start' is broken since pointer overflow is undefined behavior in C. Many compilers such as gcc/clang optimize away this check. Use `res > end - start' instead. Also change `res' to unsigned int to avoid signed left-shift overflow. Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Xi Wang <xi.wang@gmail.com> 2013-01-22 20:58:07 -0500
committer: Michael Niedermayer <michaelni@gmx.at> 2013-01-23 05:28:01 +0100
commit: 2f014567cfd63e58156f60666f1a61ba147276ab (patch)
tree: 3966d1ae867ed93d206395c829cd6a3d701bf9e2
parent: 713dea584b118bc48803266edc8e9b380f78a778 (diff)
download: ffmpeg-2f014567cfd63e58156f60666f1a61ba147276ab.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/rtpenc_h264.c b/libavformat/rtpenc_h264.c
index 68f497590b..b6c16e17d8 100644
--- a/libavformat/rtpenc_h264.c
+++ b/libavformat/rtpenc_h264.c
@@ -31,14 +31,14 @@
 
 static const uint8_t *avc_mp4_find_startcode(const uint8_t *start, const uint8_t *end, int nal_length_size)
 {
-    int res = 0;
+    unsigned int res = 0;
 
     if (end - start < nal_length_size)
         return NULL;
     while (nal_length_size--)
         res = (res << 8) | *start++;
 
-    if (start + res > end || res < 0 || start + res < start)
+    if (res > end - start)
         return NULL;
 
     return start + res;
author	Xi Wang <xi.wang@gmail.com>	2013-01-22 20:58:07 -0500
committer	Michael Niedermayer <michaelni@gmx.at>	2013-01-23 05:28:01 +0100
commit	2f014567cfd63e58156f60666f1a61ba147276ab (patch)
tree	3966d1ae867ed93d206395c829cd6a3d701bf9e2
parent	713dea584b118bc48803266edc8e9b380f78a778 (diff)
download	ffmpeg-2f014567cfd63e58156f60666f1a61ba147276ab.tar.gz