[FFmpeg-devel] [PATCH 0/2] Origin Wing Commander IV video decoder

Sun Feb 6 05:03:38 CET 2011

Hi,

On Fri, Feb 4, 2011 at 5:47 PM, Kostya <kostya.shishkov at gmail.com> wrote:
> +static int xan_decode_chroma(AVCodecContext *avctx, AVPacket *avpkt)
[..]
> +    src    = avpkt->data + 4 + chroma_off;
> +    table  = src + 2;
> +    mode   = bytestream_get_le16(&src);
> +    offset = bytestream_get_le16(&src) * 2;
> +
> +    if (src + offset >= avpkt->data + avpkt->size) {

This can still overflow, instead use src - avpkt->data >= avpkt->size
- offset. Rest looks OK.

Ronald