From e146ad95d79b1a6e6b9e566366b832825c79679f Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 29 Dec 2011 21:26:30 +0100
Subject: [PATCH] mlp_parser: Fix infinite loop with 0 bytes_left.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/mlp_parser.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c
index 4ceea5e9e1..f31e2d5727 100644
--- a/libavcodec/mlp_parser.c
+++ b/libavcodec/mlp_parser.c
@@ -263,6 +263,9 @@ static int mlp_parse(AVCodecParserContext *s,
         mp->bytes_left = ((mp->pc.index > 0 ? mp->pc.buffer[0] : buf[0]) << 8)
                        |  (mp->pc.index > 1 ? mp->pc.buffer[1] : buf[1-mp->pc.index]);
         mp->bytes_left = (mp->bytes_left & 0xfff) * 2;
+        if (mp->bytes_left <= 0) { // prevent infinite loop
+            goto lost_sync;
+        }
         mp->bytes_left -= mp->pc.index;
     }