From bb131f4c669c0fcfac325e2d0a6676c95bb425c7 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Wed, 2 Jul 2014 00:14:18 +0200
Subject: demux_mkv: minor improvement to overflow check

CC: @mpv-player/stable
---
 demux/demux_mkv.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'demux/demux_mkv.c')

diff --git a/demux/demux_mkv.c b/demux/demux_mkv.c
index 25591cd60a..470a9b9847 100644
--- a/demux/demux_mkv.c
+++ b/demux/demux_mkv.c
@@ -271,7 +271,8 @@ static bstr demux_mkv_decode(struct mp_log *log, mkv_track_t *track,
         } else if (enc->comp_algo == 2) {
             /* lzo encoded track */
             int out_avail;
-            if (size > INT_MAX / 3 + AV_LZO_OUTPUT_PADDING)
+            int maxlen = INT_MAX - AV_LZO_OUTPUT_PADDING;
+            if (size >= maxlen / 3)
                 goto error;
             int dstlen = size * 3;
 
@@ -291,7 +292,7 @@ static bstr demux_mkv_decode(struct mp_log *log, mkv_track_t *track,
                     goto error;
                 }
                 mp_dbg(log, "lzo decompression buffer too small.\n");
-                if (dstlen > INT_MAX / 2 + AV_LZO_OUTPUT_PADDING) {
+                if (dstlen >= maxlen / 2) {
                     talloc_free(dest);
                     dest = NULL;
                     goto error;
-- 
cgit v1.2.3