From ea23dcc4986e9372d4c506889328d9394e28610a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 21 Oct 2013 16:21:14 +0200
Subject: [PATCH] avfilter/ff_insert_pad: fix order of operations

Fixes out of bounds access
Fixes CID732170
Fixes CID732169

No filter is known to use this function in a way so the issue can be reproduced.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ab2bfb85d49b2f8aa505816f93e75fd18ad0a361)

Conflicts:

	libavfilter/avfilter.c
(cherry picked from commit 86591b244f3a27293153896813f5569b49b2f5c0)

Conflicts:

	libavfilter/avfilter.c
(cherry picked from commit 400c4f8fa3fd58951dc3f356b2b00484e3363694)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavfilter/avfilter.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c
index 8a40b299ce..799ce7ba50 100644
--- a/libavfilter/avfilter.c
+++ b/libavfilter/avfilter.c
@@ -140,9 +140,9 @@ void avfilter_insert_pad(unsigned idx, unsigned *count, size_t padidx_off,
     (*links)[idx] = NULL;
 
     (*count)++;
-    for (i = idx+1; i < *count; i++)
-        if (*links[i])
-            (*(unsigned *)((uint8_t *) *links[i] + padidx_off))++;
+    for (i = idx + 1; i < *count; i++)
+        if ((*links)[i])
+            (*(unsigned *)((uint8_t *) (*links)[i] + padidx_off))++;
 }
 
 int avfilter_link(AVFilterContext *src, unsigned srcpad,