From f1279e286b00e99f343adb51e251f036a3df6f32 Mon Sep 17 00:00:00 2001
From: "Ronald S. Bultje" <rsbultje@gmail.com>
Date: Thu, 8 Mar 2012 16:32:46 -0800
Subject: [PATCH] xxan: don't read before start of buffer in
 av_memcpy_backptr().

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/xxan.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c
index 4659d34972..8147bad5f1 100644
--- a/libavcodec/xxan.c
+++ b/libavcodec/xxan.c
@@ -129,7 +129,8 @@ static int xan_unpack(uint8_t *dest, const int dest_len,
                 if (size + size2 > dest_end - dest)
                     break;
             }
-            if (src + size > src_end || dest + size + size2 > dest_end)
+            if (src + size > src_end || dest + size + size2 > dest_end ||
+                dest - orig_dest + size < back)
                 return -1;
             bytestream_get_buffer(&src, dest, size);
             dest += size;