Browse code
flacdec: simplify bounds checking in flac_probe()
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 8425d693eefbedbb41f91735614d41067695aa37)
Xi Wang authored on 2013/03/15 20:11:47Showing 1 changed files
| ... | ... |
@@ -278,11 +278,9 @@ static int flac_read_header(AVFormatContext *s) |
| 278 | 278 |
|
| 279 | 279 |
static int flac_probe(AVProbeData *p) |
| 280 | 280 |
{
|
| 281 |
- uint8_t *bufptr = p->buf; |
|
| 282 |
- uint8_t *end = p->buf + p->buf_size; |
|
| 283 |
- |
|
| 284 |
- if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0; |
|
| 285 |
- else return AVPROBE_SCORE_MAX/2; |
|
| 281 |
+ if (p->buf_size < 4 || memcmp(p->buf, "fLaC", 4)) |
|
| 282 |
+ return 0; |
|
| 283 |
+ return AVPROBE_SCORE_MAX/2; |
|
| 286 | 284 |
} |
| 287 | 285 |
|
| 288 | 286 |
AVInputFormat ff_flac_demuxer = {
|