From 115c3bc41f24185477de7e012b799e47693e3b5e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 4 Apr 2013 15:17:57 +0200
Subject: matroskadec: Check for overflows in xiph lace decoding

This also detects errors earlier

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/matroskadec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'libavformat/matroskadec.c')

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index d068453e62..39559b5cca 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1992,18 +1992,18 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
         uint32_t total = 0;
         for (n = 0; res == 0 && n < *laces - 1; n++) {
             while (1) {
-                if (size == 0) {
+                if (size <= total) {
                     res = AVERROR_INVALIDDATA;
                     break;
                 }
                 temp = *data;
+                total += temp;
                 lace_size[n] += temp;
                 data += 1;
                 size -= 1;
                 if (temp != 0xff)
                     break;
             }
-            total += lace_size[n];
         }
         if (size <= total) {
             res = AVERROR_INVALIDDATA;
-- 
cgit v1.2.3