From 69619a13c3fef940cba545cf0a283ff22771dd71 Mon Sep 17 00:00:00 2001
From: Chris Evans
Date: Tue, 19 Jul 2011 17:51:48 -0700
Subject: [PATCH] matroskadec: fix integer underflow if header length < probe length. This fixes a crash with specifically crafted files.
Signed-off-by: Ronald S. Bultje
---
 libavformat/matroskadec.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 852760cc4..037997742 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -903,6 +903,8 @@ static int matroska_probe(AVProbeData *p)
 * Not fully fool-proof, but good enough. */
 for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) {
 int probelen = strlen(matroska_doctypes[i]);
+ if (total < probelen)
+ continue;
 for (n = 4+size; n <= 4+size+total-probelen; n++)
 if (!memcmp(p->buf+n, matroska_doctypes[i], probelen))
 return AVPROBE_SCORE_MAX;
--
2.11.0
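Review bot: The new `if (total < probelen)` guard carries no comment, and its purpose is not obvious from the loop alone; a line such as `/* total - probelen would wrap if the header is shorter than the doctype string */` above it would keep a later cleanup from removing it. The guard only stops the upper bound `4+size+total-probelen` from wrapping. Whether `p->buf+n` plus `probelen` stays inside the probe buffer still depends on `4+size+total` being checked against the buffer size earlier in matroska_probe, which is outside this hunk and worth confirming. The declaration of `total` is not visible here either (the commit message implies it is unsigned), so comparing it with `int probelen` is presumably a mixed-sign comparison; declaring `probelen` as `size_t` would match what `strlen` returns. matroska_probe starts before and ends after the hunk.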