avformat/rmdec: Reorder operations to avoid overflow

Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int' Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit b12e713b8061cc6a71ec69da946552bc593d5fa7) Signed-off-by: Michael Niedermayer <[email protected]>
author: Michael Niedermayer <[email protected]> 2020-12-03 00:54:46 +0100
committer: Michael Niedermayer <[email protected]> 2021-02-20 14:21:24 +0100
commit: 9797f8dba3424c893bfaae72936f1c1def8d9205 (patch)
tree: 0f566716bb34a1cef24642198c78836677ee664d
parent: 506406b8034b782d0ef93ba50dfe1b6386471290 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 25b66e2a06..f150dcd111 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -714,9 +714,9 @@ static int rm_sync(AVFormatContext *s, int64_t *timestamp, int *flags, int *stre
                     av_log(s, AV_LOG_WARNING,
                            "Index size %d (%d pkts) is wrong, should be %"PRId64".\n",
                            len, n_pkts, expected_len);
-                len -= 14; // we already read part of the index header
-                if(len<0)
+                if(len < 14)
                     continue;
+                len -= 14; // we already read part of the index header
                 goto skip;
             } else if (state == MKBETAG('D','A','T','A')) {
                 av_log(s, AV_LOG_WARNING,
author	Michael Niedermayer <[email protected]>	2020-12-03 00:54:46 +0100
committer	Michael Niedermayer <[email protected]>	2021-02-20 14:21:24 +0100
commit	9797f8dba3424c893bfaae72936f1c1def8d9205 (patch)
tree	0f566716bb34a1cef24642198c78836677ee664d
parent	506406b8034b782d0ef93ba50dfe1b6386471290 (diff)