fix potential buffer over-read

Originally committed as revision 10966 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c
index 34168ba..076cc8f 100644 (file)
--- a/libavformat/mpeg.c
+++ b/libavformat/mpeg.c
@@ -121,7 +121,7 @@ static int mpegps_read_header(AVFormatContext *s,
     s->ctx_flags |= AVFMTCTX_NOHEADER;
 
     get_buffer(&s->pb, buffer, sizeof(buffer));
-    if ((p=memchr(buffer, 'S', sizeof(buffer))))
+    if ((p=memchr(buffer, 'S', sizeof(buffer)-5)))
         if (!memcmp(p, "Sofdec", 6))
             m->sofdec = 1;
     url_fseek(&s->pb, -(offset_t)sizeof(buffer), SEEK_CUR);