dirac_parser: check prev_pu_offset before using it

Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

dirac_parser: check prev_pu_offset before using it
Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2b643855 · Michael Niedermayer · fef75ef2 · 2b643855
Commit 2b643855 authored Dec 15, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

dirac_parser.c libavcodec/dirac_parser.c +3 -1

No files found.
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@@ -161,7 +161,9 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx,
         * we can be pretty sure that we have a valid parse unit */
        if (!unpack_parse_unit(&pu1, pc, pc->index - 13)                     ||
            !unpack_parse_unit(&pu, pc, pc->index - 13 - pu1.prev_pu_offset) ||
-            pu.next_pu_offset != pu1.prev_pu_offset) {
+            pu.next_pu_offset != pu1.prev_pu_offset                          ||
+            pc->index < pc->dirac_unit_size + 13LL + pu1.prev_pu_offset
+        ) {
            pc->index -= 9;
            *buf_size = next-9;
            pc->header_bytes_needed = 9;