From b5c69144556a437103ef363ebb398864e86dd3a0 Mon Sep 17 00:00:00 2001
From: Julian Scheel <julian@jusst.de>
Date: Sat, 13 Dec 2008 12:24:38 +0000
Subject: Fix possible segfault on buffer underrun.

---
 src/libvdpau/h264_parser.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src')

diff --git a/src/libvdpau/h264_parser.c b/src/libvdpau/h264_parser.c
index 65ca7c85b..f3ee412d7 100644
--- a/src/libvdpau/h264_parser.c
+++ b/src/libvdpau/h264_parser.c
@@ -1031,6 +1031,14 @@ int parse_frame(struct nal_parser *parser, uint8_t *inbuf, int inbuf_len,
       }
 
       if (parser->last_nal_res != 2) {
+        if (parser->buf_len + parser->prebuf_len > MAX_FRAME_SIZE) {
+          printf("buf underrun!!\n");
+          parser->buf_len = 0;
+          *ret_len = 0;
+          *ret_buf = NULL;
+          return parsed_len;
+        }
+
         /* this is a SLICE, keep it in the buffer */
         xine_fast_memcpy(parser->buf + parser->buf_len, prebuf, parser->prebuf_len);
         parser->buf_len += parser->prebuf_len;
-- 
cgit v1.2.3