On Thu, May 20, 2010 at 09:26:23PM -0400, David Conrad wrote:
> + int ret, size = get_le32(s->pb);

Forgot: reading a 32 bit value into a signed int and using it in av_get_packet without range check seems like a really bad idea to me.
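
Review bot: `size` in the quoted declaration is a signed int initialised straight from get_le32(), so where int is 32 bits any file-supplied value of 0x80000000 or above turns negative, and the visible line has no bound on it before it is used. Suggest checking it immediately after the read, rejecting `size <= 0` and anything above a sane upper limit for this format, and returning an error from the function before the value is used as a length.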