[FFmpeg-cvslog] r19307 - trunk/libavcodec/h264.c
Alexander Strange
astrange
Tue Jun 30 20:02:48 CEST 2009
On Jun 30, 2009, at 8:11 AM, reimar wrote:
> Author: reimar
> Date: Tue Jun 30 14:11:29 2009
> New Revision: 19307
>
> Log:
> Fix nalsize check to avoid an integer overflow that made the check
> incorrect for nalsize >= INT_MAX
Did you mean > INT_MAX - buf_index?
nalsize can't be > INT_MAX, since it is an int.
> Modified:
> trunk/libavcodec/h264.c
>
> Modified: trunk/libavcodec/h264.c
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- trunk/libavcodec/h264.c Tue Jun 30 13:28:53 2009 (r19306)
> +++ trunk/libavcodec/h264.c Tue Jun 30 14:11:29 2009 (r19307)
> @@ -7505,7 +7505,7 @@ static int decode_nal_units(H264Context
> nalsize = 0;
> for(i = 0; i < h->nal_length_size; i++)
> nalsize = (nalsize << 8) | buf[buf_index++];
> - if(nalsize <= 1 || (nalsize+buf_index > buf_size)){
> + if(nalsize <= 1 || nalsize > buf_size - buf_index){
> if(nalsize == 1){
> buf_index++;
> continue;
> _______________________________________________
> ffmpeg-cvslog mailing list
> ffmpeg-cvslog at mplayerhq.hu
> https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-cvslog
More information about the ffmpeg-cvslog
mailing list