From eea2f032ad45777c008837fc6469f9f0a06e8d56 Mon Sep 17 00:00:00 2001
From: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Date: Mon, 26 May 2008 03:53:48 +0000
Subject: [PATCH] return error if frame_offset is negative, prevent segfault

Originally committed as revision 13420 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/ffmdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
index 84bd5e9fba..2b9fbd4ba2 100644
--- a/libavformat/ffmdec.c
+++ b/libavformat/ffmdec.c
@@ -104,7 +104,7 @@ static int ffm_read_data(AVFormatContext *s,
             frame_offset = get_be16(pb);
             get_buffer(pb, ffm->packet, ffm->packet_size - FFM_HEADER_SIZE);
             ffm->packet_end = ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - fill_size);
-            if (ffm->packet_end < ffm->packet)
+            if (ffm->packet_end < ffm->packet || frame_offset < 0)
                 return -1;
             /* if first packet or resynchronization packet, we must
                handle it specifically */