From dbc53ffc7c398f90ae1cf59e513d3882bc0dc188 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <Reimar.Doeffinger@gmx.de>
Date: Sun, 31 May 2009 10:23:38 +0000
Subject: [PATCH] Change buffer size checks to avoid the undefined overflow
 case.

Originally committed as revision 19047 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/lcldec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
index 4a5a2eb7997..9ad731e56a9 100644
--- a/libavcodec/lcldec.c
+++ b/libavcodec/lcldec.c
@@ -87,7 +87,7 @@ static unsigned int mszh_decomp(unsigned char * srcptr, int srclen, unsigned cha
             continue;
         }
         if ((mask & (1 << (--maskbit))) == 0) {
-            if (destptr + 4 > destptr_end)
+            if (destptr_end - destptr < 4)
                 break;
             memcpy(destptr, srcptr, 4);
             srclen -= 4;
@@ -101,7 +101,7 @@ static unsigned int mszh_decomp(unsigned char * srcptr, int srclen, unsigned cha
             ofs &= 0x7ff;
             srclen -= 2;
             cnt *= 4;
-            if (destptr + cnt > destptr_end) {
+            if (destptr_end - destptr < cnt) {
                 cnt =  destptr_end - destptr;
             }
             for (; cnt > 0; cnt--) {
-- 
GitLab