On Thu, Mar 08, 2012 at 04:32:46PM -0800, Ronald S. Bultje wrote:
> From: "Ronald S. Bultje" <[email protected]>
> 
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> CC: [email protected]
> ---
>  libavcodec/xxan.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c
> index 4659d34..8147bad 100644
> --- a/libavcodec/xxan.c
> +++ b/libavcodec/xxan.c
> @@ -129,7 +129,8 @@ static int xan_unpack(uint8_t *dest, const int dest_len,
>                  if (size + size2 > dest_end - dest)
>                      break;
>              }
> -            if (src + size > src_end || dest + size + size2 > dest_end)
> +            if (src + size > src_end || dest + size + size2 > dest_end ||
> +                dest - orig_dest + size < back)
>                  return -1;
>              bytestream_get_buffer(&src, dest, size);
>              dest += size;
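Review bot: the added condition `dest - orig_dest + size < back` at the end of the bounds test has no comment, and the commit message has no description beyond the Found-by and CC lines, so a reader has to infer what the check guards against. A one-line comment stating the invariant would help, for example that `back` must not exceed the number of bytes available in the output after the literal copy, if that is the intent. Separately, the two retained tests `src + size > src_end` and `dest + size + size2 > dest_end` form the pointer sum before comparing, while the context line above already uses the difference form `size + size2 > dest_end - dest`. Rewriting them the same way (`size > src_end - src`) would keep the whole condition consistent and avoid computing a pointer past the end of the buffer.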
> -- 

looks OK (and feel free to compare it to the function in xan.c)