authorChris Evans <cevans@chromium.org>2011-07-19 17:51:48 -0700
committerReinhard Tartler <siretart@tauware.de>2011-07-21 09:09:03 +0200
commit5fab0ccd81df0bc3fd6d16756006c260fdbca6e7 (patch)
tree7baa8071727a6b0ce2f494f2cee23717ceb8c937
parent20829cf8a26a00c840c70f12224843e079c10ee6 (diff)
matroskadec: fix integer underflow if header length < probe length.
This fixes a crash with specifically crafted files. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 69619a13c3fef940cba545cf0a283ff22771dd71)
-rw-r--r--libavformat/matroskadec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 60f6c6985b..f74f76cb8a 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -900,6 +900,8 @@ static int matroska_probe(AVProbeData *p)
* Not fully fool-proof, but good enough. */
for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) {
int probelen = strlen(matroska_doctypes[i]);
+ if (total < probelen)
+ continue;
for (n = 4+size; n <= 4+size+total-probelen; n++)
if (!memcmp(p->buf+n, matroska_doctypes[i], probelen))
return AVPROBE_SCORE_MAX;
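Review bot: The added guard `if (total < probelen)` has no comment saying why it is needed, and the reason is not obvious from the loop alone. If `total` is unsigned (its declaration is outside the hunk, so this is inferred from the commit title), the bound `4+size+total-probelen` wraps to a very large value and the `memcmp` on the next line reads past the probe buffer. I would add `/* header shorter than this doctype: total - probelen would wrap and the scan would run off p->buf */` above the check. The guard only limits the scan relative to `total`, so an earlier check in matroska_probe must still ensure `4+size+total` fits within the probe buffer; the function starts outside the hunk, and that check should be confirmed there.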