From 8d8409ca9ffd56eea6a8ae1963c15492a75af0bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <Reimar.Doeffinger@gmx.de>
Date: Tue, 30 Jun 2009 12:11:29 +0000
Subject: [PATCH] Fix nalsize check to avoid an integer overflow that made the
 check incorrect for nalsize > INT_MAX - buf_index

Originally committed as revision 19307 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/h264.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 40ba4eb955..9cdac24605 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7505,7 +7505,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
             nalsize = 0;
             for(i = 0; i < h->nal_length_size; i++)
                 nalsize = (nalsize << 8) | buf[buf_index++];
-            if(nalsize <= 1 || (nalsize+buf_index > buf_size)){
+            if(nalsize <= 1 || nalsize > buf_size - buf_index){
                 if(nalsize == 1){
                     buf_index++;
                     continue;