From 3204572a1a5dc19e11356cdf39378a171189149b Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Mon, 4 Jul 2022 15:52:21 +0200
Subject: [PATCH] avformat/apngenc: Check for incomplete chunks

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/apngenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/apngenc.c b/libavformat/apngenc.c
index 88d4a41462..7443c77504 100644
--- a/libavformat/apngenc.c
+++ b/libavformat/apngenc.c
@@ -50,7 +50,7 @@ typedef struct APNGMuxContext {
 static uint8_t *apng_find_chunk(uint32_t tag, uint8_t *buf, size_t length)
 {
     size_t b;
-    for (b = 0; b < length; b += AV_RB32(buf + b) + 12)
+    for (b = 0; AV_RB32(buf + b) + 12ULL <= length - b; b += AV_RB32(buf + b) + 12ULL)
         if (AV_RB32(&buf[b + 4]) == tag)
             return &buf[b];
     return NULL;