# HG changeset patch
# User bcoudurier
# Date 1211774028 0
# Node ID fa366fc51861442c454c6b8366b9aa8f9ae06010
# Parent 5be8d622e4585a3b27ec588b30b932d85ad32a96
return error if frame_offset is negative, prevent segfault
diff -r 5be8d622e458 -r fa366fc51861 ffmdec.c
--- a/ffmdec.c Mon May 26 03:53:10 2008 +0000
+++ b/ffmdec.c Mon May 26 03:53:48 2008 +0000
@@ -104,7 +104,7 @@
 frame_offset = get_be16(pb);
 get_buffer(pb, ffm->packet, ffm->packet_size - FFM_HEADER_SIZE);
 ffm->packet_end = ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - fill_size);
- if (ffm->packet_end < ffm->packet)
+ if (ffm->packet_end < ffm->packet || frame_offset < 0)
 return -1;
 /* if first packet or resynchronization packet, we must handle it specifically */
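Review bot: The guard on the new side still validates `fill_size` by first forming `ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - fill_size)` and then comparing pointers, which is undefined behaviour once the result points before the buffer and may be optimised away; comparing the integers is safer, `if (fill_size > ffm->packet_size - FFM_HEADER_SIZE || frame_offset < 0) return -1;`, with the `packet_end` assignment moved after it. The added `frame_offset < 0` test also looks too narrow: the value comes from `get_be16(pb)`, so if it is held in an `int` (the declaration is outside the hunk) it is presumably never negative, and an offset larger than the payload would still pass, so an upper bound against the payload length is what would keep later pointer arithmetic in range. The return value of `get_buffer()` is not checked either, so a truncated file may leave part of `ffm->packet` holding stale data. The enclosing function starts and ends outside the hunk.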