From 1a2a1d90775b5be03254d123e4b617145a269572 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Tue, 4 Mar 2008 21:39:21 +0000
Subject: Prevent segfault due to reading over the end of the input buffer.

Originally committed as revision 12315 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/apedec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'libavcodec/apedec.c')

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 032bc73976..915a2f35d9 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -256,7 +256,10 @@ static inline void range_start_decoding(APEContext * ctx)
 static inline void range_dec_normalize(APEContext * ctx)
 {
     while (ctx->rc.range <= BOTTOM_VALUE) {
-        ctx->rc.buffer = (ctx->rc.buffer << 8) | bytestream_get_byte(&ctx->ptr);
+        ctx->rc.buffer <<= 8;
+        if(ctx->ptr < ctx->data_end)
+            ctx->rc.buffer += *ctx->ptr;
+        ctx->ptr++;
         ctx->rc.low    = (ctx->rc.low << 8)    | ((ctx->rc.buffer >> 1) & 0xFF);
         ctx->rc.range  <<= 8;
     }
-- 
cgit v1.2.3