flacdec: simplify bounds checking in flac_probe()
authorXi Wang <xi.wang@gmail.com>
Fri, 15 Mar 2013 11:11:47 +0000 (07:11 -0400)
committerReinhard Tartler <siretart@tauware.de>
Thu, 9 May 2013 09:29:05 +0000 (11:29 +0200)
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.

CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 8425d693eefbedbb41f91735614d41067695aa37)

libavformat/flacdec.c

index 02452b4..32b583f 100644 (file)
@@ -116,11 +116,9 @@ static int flac_read_header(AVFormatContext *s,
 
 static int flac_probe(AVProbeData *p)
 {
-    uint8_t *bufptr = p->buf;
-    uint8_t *end    = p->buf + p->buf_size;
-
-    if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0;
-    else                                            return AVPROBE_SCORE_MAX/2;
+    if (p->buf_size < 4 || memcmp(p->buf, "fLaC", 4))
+        return 0;
+    return AVPROBE_SCORE_MAX/2;
 }
 
 AVInputFormat ff_flac_demuxer = {