From 50a81bd978988605950579293d42fce0741e9b9b Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 24 Sep 2019 12:40:35 +0200
Subject: [PATCH] avcodec/dxv: Subtract 12 earlier in dxv_decompress_cocg()

the data_start is after reading 12 bytes and if its subtracted
at the very end the intermediate might overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd9e6d077ea3259cc6c1896334bbbc7f948979b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dxv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c
index df63006d04..b51d6393b0 100644
--- a/libavcodec/dxv.c
+++ b/libavcodec/dxv.c
@@ -783,7 +783,7 @@ static int dxv_decompress_cocg(DXVContext *ctx, GetByteContext *gb,
             return ret;
     }
 
-    bytestream2_seek(gb, data_start + op_offset + skip0 + skip1 - 12, SEEK_SET);
+    bytestream2_seek(gb, data_start - 12 + op_offset + skip0 + skip1, SEEK_SET);
 
     return 0;
 }