From 9cbc1fd23a532173bfe34cef6cd845874a5d0d5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Stadler?=
Date: Fri, 4 Nov 2011 13:04:19 +0100
Subject: [PATCH] h264parser: add more size checks and improve existing

Don't subtract with unsigned values, that will bite us. Also fix format specifier in the log message.
---
 gst-libs/gst/codecparsers/gsth264parser.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gst-libs/gst/codecparsers/gsth264parser.c b/gst-libs/gst/codecparsers/gsth264parser.c
index 87bff4eb66..6b79a41053 100644
--- a/gst-libs/gst/codecparsers/gsth264parser.c
+++ b/gst-libs/gst/codecparsers/gsth264parser.c
@@ -1166,8 +1166,8 @@ gst_h264_parser_identify_nalu (GstH264NalParser * nalparser,
 {
 gint off1, off2;
- if (size - offset < 4) {
- GST_DEBUG ("Can't parse, buffer has too small size %" G_GSSIZE_FORMAT
+ if (size < offset + 4) {
+ GST_DEBUG ("Can't parse, buffer has too small size %" G_GSIZE_FORMAT
 ", offset %u", size, offset);
 return GST_H264_PARSER_ERROR;
 }
@@ -1240,6 +1240,12 @@ gst_h264_parser_identify_nalu_avc (GstH264NalParser * nalparser,
 {
 GstBitReader br;
+ if (size < offset + nal_length_size) {
+ GST_DEBUG ("Can't parse, buffer has too small size %" G_GSIZE_FORMAT
+ ", offset %u", size, offset);
+ return GST_H264_PARSER_ERROR;
+ }
+
 size = size - offset;
 gst_bit_reader_init (&br, data + offset, size);
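Review bot: The rewritten guard `if (size < offset + 4)` in gst_h264_parser_identify_nalu can still wrap: offset is logged with `%u`, so it appears to be a 32-bit guint, and `offset + 4` would then be evaluated in 32 bits before being compared with the gsize `size`. An offset within 4 of G_MAXUINT would make the sum wrap to a small value, so the check passes even though offset lies beyond the buffer. A form with no addition avoids this and also the unsigned subtraction the commit set out to remove: `if (offset > size || size - offset < 4)`. The new `size < offset + nal_length_size` check in gst_h264_parser_identify_nalu_avc has the same shape and would become `if (offset > size || size - offset < nal_length_size)`. The parameter declarations are outside both hunks, so the types should be confirmed there.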
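Review bot: The debug message added in gst_h264_parser_identify_nalu_avc reuses the text from gst_h264_parser_identify_nalu and does not report the prefix length that the buffer was checked against. Printing it would make truncated AVC samples easier to triage: `", offset %u, nal_length_size %u", size, offset, nal_length_size);`. A short comment above the check, `/* guards only the nal_length_size-byte length prefix */`, would state what the guard covers. The function continues past the end of the hunk, so it is not visible here whether the NAL size taken from that prefix is bounded against the remaining bytes.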