avcodec/dirac_parser: Fix potential overflows in pointer checks

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 79798f7c57b098c78e0bbc6becd64b9888b013d1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2015-12-05 17:11:54 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2015-12-20 10:59:27 +0100
commit: cc88d7a640884e29490b1adb598643ab1365d747 (patch)
tree: 37f8ee842a2677dca82608382cca295fb700db12
parent: e12f07b4751cc4b09b85c8d19b5c7a0b16c07556 (diff)
download: ffmpeg-cc88d7a640884e29490b1adb598643ab1365d747.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
index 61a978d9c2..36674d70e3 100644
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@@ -100,10 +100,12 @@ typedef struct DiracParseUnit {
 static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
                              int offset)
 {
-    uint8_t *start = pc->buffer + offset;
-    uint8_t *end   = pc->buffer + pc->index;
-    if (start < pc->buffer || (start + 13 > end))
+    int8_t *start;
+
+    if (offset < 0 || pc->index - 13 < offset)
         return 0;
+
+    start = pc->buffer + offset;
     pu->pu_type = start[4];
 
     pu->next_pu_offset = AV_RB32(start + 5);
author	Michael Niedermayer <michael@niedermayer.cc>	2015-12-05 17:11:54 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2015-12-20 10:59:27 +0100
commit	cc88d7a640884e29490b1adb598643ab1365d747 (patch)
tree	37f8ee842a2677dca82608382cca295fb700db12
parent	e12f07b4751cc4b09b85c8d19b5c7a0b16c07556 (diff)
download	ffmpeg-cc88d7a640884e29490b1adb598643ab1365d747.tar.gz