Commit 6029b8a6 authored by foo86's avatar foo86

avformat/s337m: fix potentially undefined pointer arithmetic

Use integer position instead of pointer for loop variable. Also only
skip header fields after header has been fully validated.
parent 5e715b58
...@@ -86,22 +86,21 @@ static int s337m_probe(AVProbeData *p) ...@@ -86,22 +86,21 @@ static int s337m_probe(AVProbeData *p)
{ {
uint64_t state = 0; uint64_t state = 0;
int markers[3] = { 0 }; int markers[3] = { 0 };
int i, sum, max, data_type, data_size, offset; int i, pos, sum, max, data_type, data_size, offset;
uint8_t *buf; uint8_t *buf;
for (buf = p->buf; buf < p->buf + p->buf_size; buf++) { for (pos = 0; pos < p->buf_size; pos++) {
state = (state << 8) | *buf; state = (state << 8) | p->buf[pos];
if (!IS_LE_MARKER(state)) if (!IS_LE_MARKER(state))
continue; continue;
buf = p->buf + pos + 1;
if (IS_16LE_MARKER(state)) { if (IS_16LE_MARKER(state)) {
data_type = AV_RL16(buf + 1); data_type = AV_RL16(buf );
data_size = AV_RL16(buf + 3); data_size = AV_RL16(buf + 2);
buf += 4;
} else { } else {
data_type = AV_RL24(buf + 1); data_type = AV_RL24(buf );
data_size = AV_RL24(buf + 4); data_size = AV_RL24(buf + 3);
buf += 6;
} }
if (s337m_get_offset_and_codec(NULL, state, data_type, data_size, &offset, NULL)) if (s337m_get_offset_and_codec(NULL, state, data_type, data_size, &offset, NULL))
...@@ -110,7 +109,8 @@ static int s337m_probe(AVProbeData *p) ...@@ -110,7 +109,8 @@ static int s337m_probe(AVProbeData *p)
i = IS_16LE_MARKER(state) ? 0 : IS_20LE_MARKER(state) ? 1 : 2; i = IS_16LE_MARKER(state) ? 0 : IS_20LE_MARKER(state) ? 1 : 2;
markers[i]++; markers[i]++;
buf += offset; pos += IS_16LE_MARKER(state) ? 4 : 6;
pos += offset;
state = 0; state = 0;
} }
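Review bot: The header reads at `buf` through `buf + 5` (`AV_RL16`/`AV_RL24`, directly after `buf = p->buf + pos + 1`) are not checked against `p->buf_size`, so a marker matched in the last bytes of the probe buffer reads up to six bytes past `pos`. This is only in bounds if the caller guarantees padding after the probe data (FFmpeg's `AVPROBE_PADDING_SIZE`), which neither hunk shows. Either record that reliance in a comment such as `/* header reads may extend into the probe padding */`, or stop early with `if (p->buf_size - pos <= (IS_16LE_MARKER(state) ? 4 : 6)) break;`. Separately, `offset` is derived from the file-controlled `data_size` and is added to the `int` `pos` unchecked; presumably `s337m_get_offset_and_codec` bounds it, but that function is outside the hunk and this should be confirmed. The body of `s337m_probe` continues beyond both hunks.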
......