Merge commit 'ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6'

* commit 'ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6':
  lzo: fix overflow checking in copy_backptr()
  flacdec: simplify bounds checking in flac_probe()
  atrac3: avoid oversized shifting in decode_bytes()

Conflicts:
	libavformat/flacdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>

libavcodec/atrac3.c

@@ -164,7 +164,10 @@ static int decode_bytes(const uint8_t *input, uint8_t *out, int bytes)
 
     off = (intptr_t)input & 3;
     buf = (const uint32_t *)(input - off);
-    c   = av_be2ne32((0x537F6103 >> (off * 8)) | (0x537F6103 << (32 - (off * 8))));
+    if (off)
+        c = av_be2ne32((0x537F6103U >> (off * 8)) | (0x537F6103U << (32 - (off * 8))));
+    else
+        c = av_be2ne32(0x537F6103U);
     bytes += 3 + off;
     for (i = 0; i < bytes / 4; i++)
         output[i] = c ^ buf[i];

libavformat/flacdec.c

@@ -278,11 +278,9 @@ fail:
 
 static int flac_probe(AVProbeData *p)
 {
-    const uint8_t *bufptr = p->buf;
-    const uint8_t *end    = p->buf + p->buf_size;
-
-    if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0;
-    else                                            return AVPROBE_SCORE_MAX/2;
+    if (p->buf_size < 4 || memcmp(p->buf, "fLaC", 4))
+        return 0;
+    return AVPROBE_SCORE_MAX/2;
 }
 
 AVInputFormat ff_flac_demuxer = {

libavutil/lzo.c

@@ -110,9 +110,8 @@ static inline void copy(LZOContext *c, int cnt)
  */
 static inline void copy_backptr(LZOContext *c, int back, int cnt)
 {
-    register const uint8_t *src = &c->out[-back];
     register uint8_t *dst       = c->out;
-    if (src < c->out_start || src > dst) {
+    if (dst - c->out_start < back) {
         c->error |= AV_LZO_INVALID_BACKPTR;
         return;
     }