[FFmpeg-devel] [PATCH] dfa: implement tdlt chunk decoding

Sun Apr 7 02:54:56 CEST 2013

On 2013-04-06 1:30 PM, Paul B Mahol wrote:
> +        int count = bytestream2_get_byte(gb) << 1;
> +        int skip = bytestream2_get_byte(gb) << 1;
> +
> +        frame += skip;
> +        if (frame_end - frame < count)
> +            return AVERROR_INVALIDDATA;

Pointer subtraction that falls outside the array is undefined in C.

It's possible that occurs here, given skip is read.

- Derek