From cb85779d459c6486acbbf060b3f169779424583e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sun, 10 Feb 2013 17:54:00 +0100
Subject: [PATCH] dpx: include offset in the  total_size calculation

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/dpx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c
index 0237b44784..310036b0cd 100644
--- a/libavcodec/dpx.c
+++ b/libavcodec/dpx.c
@@ -199,7 +199,7 @@ static int decode_frame(AVCodecContext *avctx,
     for (i=0; i<AV_NUM_DATA_POINTERS; i++)
         ptr[i] = p->data[i];
 
-    if (total_size > avpkt->size) {
+    if (total_size + (int64_t)offset > avpkt->size) {
         av_log(avctx, AV_LOG_ERROR, "Overread buffer. Invalid header?\n");
         return AVERROR_INVALIDDATA;
     }