From 0f13cc732b3752828890b8dff507615cfd454336 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Tue, 6 Mar 2012 19:13:55 +0100
Subject: [PATCH] diracdec: Correct the bytestream end pointer. This fixes some arith decoder overreads and a potential infinite loop.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/diracdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index b9effd1b8b..f9aace9567 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -625,7 +625,7 @@ static void decode_component(DiracContext *s, int comp)
 b->quant = svq3_get_ue_golomb(&s->gb);
 align_get_bits(&s->gb);
 b->coeff_data = s->gb.buffer + get_bits_count(&s->gb)/8;
- b->length = FFMIN(b->length, get_bits_left(&s->gb)/8);
+ b->length = FFMIN(b->length, FFMAX(get_bits_left(&s->gb)/8, 0));
 skip_bits_long(&s->gb, b->length*8);
 }
 }
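Review bot: `b->coeff_data` is still derived from `get_bits_count(&s->gb)/8` on the line before the clamp, so when the reader has already run past the end of the buffer (the case the new `FFMAX(..., 0)` covers) the pointer can sit beyond the input while `b->length` becomes 0. That is safe only if every consumer of the subband checks `b->length` before touching `coeff_data`. Those consumers, and the start of `decode_component`, are outside this hunk, so this is worth confirming. The clamp also deserves a why-comment, for example `/* get_bits_left() is negative after an overread; clamp so length never exceeds the bytes actually left */`. If `b->length` is declared unsigned (not visible here), the comment could add that the negative value would otherwise be converted to a huge unsigned number and lose the `FFMIN`, which would explain the overreads named in the commit message.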