From 64b7e7dcaf21bd3c9f644446c59acdac6a95892f Mon Sep 17 00:00:00 2001
From: Xi Wang <xi.wang@gmail.com>
Date: Sun, 20 Jan 2013 15:26:12 -0500
Subject: cafdec: fix overflow checking in read_header()

Several compilers such as clang/icc/pathscale will optimize the check
pos + size < pos (assuming size > 0) into false, since signed integer
overflow is undefined behavior in C.  This breaks overflow checking.
Use a safe precondition check instead.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/cafdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavformat/cafdec.c')

diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index f12226a8f5..337758ee12 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -300,7 +300,7 @@ static int read_header(AVFormatContext *s)
         }
 
         if (size > 0) {
-            if (pos + size < pos)
+            if (pos > INT64_MAX - size)
                 return AVERROR_INVALIDDATA;
             avio_skip(pb, FFMAX(0, pos + size - avio_tell(pb)));
         }
-- 
cgit v1.2.3