From 03abf55f252945c70f4a79eaf4d609cee4d98710 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 6 Dec 2014 00:18:29 +0100
Subject: [PATCH] avformat/rmdec: Check for overflow in
 ff_rm_read_mdpr_codecdata()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/rmdec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index e267b01a1a8..299c74237c5 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -414,7 +414,11 @@ int ff_rm_read_mdpr_codecdata(AVFormatContext *s, AVIOContext *pb,
 skip:
     /* skip codec info */
     size = avio_tell(pb) - codec_pos;
-    avio_skip(pb, codec_data_size - size);
+    if (codec_data_size >= size) {
+        avio_skip(pb, codec_data_size - size);
+    } else {
+        av_log(s, AV_LOG_WARNING, "codec_data_size %u < size %d\n", codec_data_size, size);
+    }
 
     return 0;
 }
-- 
GitLab