Fix possible crashes in mlp parser, it tries to go back 7 bytes after

finding the 4-byte signature. Add a check that ignores the signature if we do not have enough previous data to go back at least 7 bytes. Originally committed as revision 21487 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Reimar Döffinger <Reimar.Doeffinger@gmx.de> 2010-01-27 20:04:19 +0000
committer: Reimar Döffinger <Reimar.Doeffinger@gmx.de> 2010-01-27 20:04:19 +0000
commit: 7e2ef1b9e148e75a8d552f15805878f6a344e36e (patch)
tree: 6371fc078a38f07fb39329b8dc78258d413bca17 /libavcodec/mlp_parser.c
parent: d780511b94855a305003f33ac63630dc9cba5084 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c
index 42295cc352..65f5dc5178 100644
--- a/libavcodec/mlp_parser.c
+++ b/libavcodec/mlp_parser.c
@@ -176,7 +176,9 @@ static int mlp_parse(AVCodecParserContext *s,
 
         for (i = 0; i < buf_size; i++) {
             mp->pc.state = (mp->pc.state << 8) | buf[i];
-            if ((mp->pc.state & 0xfffffffe) == 0xf8726fba) {
+            if ((mp->pc.state & 0xfffffffe) == 0xf8726fba &&
+                // ignore if we do not have the data for the start of header
+                mp->pc.index + i >= 7) {
                 mp->in_sync = 1;
                 mp->bytes_left = 0;
                 break;
author	Reimar Döffinger <Reimar.Doeffinger@gmx.de>	2010-01-27 20:04:19 +0000
committer	Reimar Döffinger <Reimar.Doeffinger@gmx.de>	2010-01-27 20:04:19 +0000
commit	7e2ef1b9e148e75a8d552f15805878f6a344e36e (patch)
tree	6371fc078a38f07fb39329b8dc78258d413bca17 /libavcodec/mlp_parser.c
parent	d780511b94855a305003f33ac63630dc9cba5084 (diff)