From 16cc5a738c31fdec1bdd6cadec8b30b825344e9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Fri, 17 Apr 2009 19:07:16 +0000 Subject: [PATCH] Fix buffer size check for xan_unpack which was broken by r18586 Originally committed as revision 18589 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/xan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index f1e343e88d..04f2b1f249 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -156,7 +156,7 @@ static void xan_unpack(unsigned char *dest, const unsigned char *src, int dest_l back = ((opcode & 0x10) << 12) + 1 + bytestream_get_be16(&src); size2 = *src++ + 5 + ((opcode & 0xc) << 6); - if (dest >= dest_end || size > dest_end - dest) + if (size + size2 > dest_end - dest) return; } memcpy(dest, src, size); dest += size; src += size;