[FFmpeg-cvslog] ffv1: fix integer overflow in quant table initialization
Michael Niedermayer
git at videolan.org
Thu Jun 7 01:44:20 CEST 2012
ffmpeg | branch: release/0.11 | Michael Niedermayer <michaelni at gmx.at> | Sat Jun 2 02:37:36 2012 +0200| [dc72a59fe53b0003c254b3f17bf0385eeca7e43d] | committer: Michael Niedermayer
ffv1: fix integer overflow in quant table initialization
Fixes part of Ticket1372
Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 9ebe6e391071690dbee79a645c51b14bd55c2ff4)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dc72a59fe53b0003c254b3f17bf0385eeca7e43d
---
libavcodec/ffv1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index 79409e2..21f1761 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -1651,9 +1651,9 @@ static int read_quant_table(RangeCoder *c, int16_t *quant_table, int scale){
memset(state, 128, sizeof(state));
for(v=0; i<128 ; v++){
- int len= get_symbol(c, state, 0) + 1;
+ unsigned len= get_symbol(c, state, 0) + 1;
- if(len + i > 128) return -1;
+ if(len > 128 - i) return -1;
while(len--){
quant_table[i] = scale*v;
More information about the ffmpeg-cvslog
mailing list