From 4db819bc7f47f1fe41caec63ad6122d2c999c95c Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Wed, 10 Jun 2009 14:56:50 +0000
Subject: [PATCH] Make sure buffer end remains constant within the loop

otherwise ff_find_start_code could read over the buffer size

Originally committed as revision 19142 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/rtp_mpv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/rtp_mpv.c b/libavformat/rtp_mpv.c
index f3f45013676..b23c8f86e8a 100644
--- a/libavformat/rtp_mpv.c
+++ b/libavformat/rtp_mpv.c
@@ -31,6 +31,7 @@ void ff_rtp_send_mpegvideo(AVFormatContext *s1, const uint8_t *buf1, int size)
     RTPMuxContext *s = s1->priv_data;
     int len, h, max_packet_size;
     uint8_t *q;
+    const uint8_t *end = buf1 + size;
     int begin_of_slice, end_of_slice, frame_type, temporal_reference;
 
     max_packet_size = s->max_payload_size;
@@ -55,7 +56,7 @@ void ff_rtp_send_mpegvideo(AVFormatContext *s1, const uint8_t *buf1, int size)
             r1 = buf1;
             while (1) {
                 start_code = -1;
-                r = ff_find_start_code(r1, buf1 + size, &start_code);
+                r = ff_find_start_code(r1, end, &start_code);
                 if((start_code & 0xFFFFFF00) == 0x100) {
                     /* New start code found */
                     if (start_code == 0x100) {
-- 
GitLab