matroskadec: fix integer underflow if header length < probe length.

author Chris Evans <cevans@chromium.org>

Wed, 20 Jul 2011 00:51:48 +0000 (17:51 -0700)

committer Ronald S. Bultje <rsbultje@gmail.com>

Wed, 20 Jul 2011 01:06:06 +0000 (18:06 -0700)
author Chris Evans <cevans@chromium.org>
Wed, 20 Jul 2011 00:51:48 +0000 (17:51 -0700)
committer Ronald S. Bultje <rsbultje@gmail.com>
Wed, 20 Jul 2011 01:06:06 +0000 (18:06 -0700)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c

index 852760c..0379977 100644 (file)
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -903,6 +903,8 @@ static int matroska_probe(AVProbeData *p)
       * Not fully fool-proof, but good enough. */
      for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) {
          int probelen = strlen(matroska_doctypes[i]);
+        if (total < probelen)
+            continue;
          for (n = 4+size; n <= 4+size+total-probelen; n++)
              if (!memcmp(p->buf+n, matroska_doctypes[i], probelen))
                  return AVPROBE_SCORE_MAX;
author	Chris Evans <cevans@chromium.org>
	Wed, 20 Jul 2011 00:51:48 +0000 (17:51 -0700)
committer	Ronald S. Bultje <rsbultje@gmail.com>
	Wed, 20 Jul 2011 01:06:06 +0000 (18:06 -0700)