$NetBSD: patch-CVE-2014-4610,v 1.1 2014/06/27 17:27:39 drochner Exp $

--- libavutil/lzo.c.orig	2014-06-27 16:32:34.000000000 +0000
+++ libavutil/lzo.c
@@ -22,6 +22,7 @@
 #include <string.h>
 
 #include "avutil.h"
+#include "avassert.h"
 #include "common.h"
 #include "intreadwrite.h"
 #include "lzo.h"
@@ -65,8 +66,13 @@ static inline int get_len(LZOContext *c,
 {
     int cnt = x & mask;
     if (!cnt) {
-        while (!(x = get_byte(c)))
+        while (!(x = get_byte(c))) {
+            if (cnt >= INT_MAX - 1000) {
+                c->error |= AV_LZO_ERROR;
+                break;
+            }
             cnt += 255;
+        }
         cnt += mask + x;
     }
     return cnt;
@@ -80,6 +86,7 @@ static inline void copy(LZOContext *c, i
 {
     register const uint8_t *src = c->in;
     register uint8_t *dst       = c->out;
+    av_assert0(cnt >= 0);
     if (cnt > c->in_end - src) {
         cnt       = FFMAX(c->in_end - src, 0);
         c->error |= AV_LZO_INPUT_DEPLETED;
@@ -110,9 +117,9 @@ static inline void copy(LZOContext *c, i
  */
 static inline void copy_backptr(LZOContext *c, int back, int cnt)
 {
-    register const uint8_t *src = &c->out[-back];
     register uint8_t *dst       = c->out;
-    if (src < c->out_start || src > dst) {
+    av_assert0(cnt > 0);
+    if (dst - c->out_start < back) {
         c->error |= AV_LZO_INVALID_BACKPTR;
         return;
     }
