[FFmpeg-cvslog] asfdec: fix integer overflow in packet_replic_size check
Michael Niedermayer
git at videolan.org
Thu Jan 31 03:53:05 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Jan 31 03:36:59 2013 +0100| [fe6767f849d9cfe51f422de9d807137d756de7aa] | committer: Michael Niedermayer
asfdec: fix integer overflow in packet_replic_size check
Fixes assertion failure
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe6767f849d9cfe51f422de9d807137d756de7aa
---
libavformat/asfdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 5c2cf8b..465d9e5 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -943,7 +943,7 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){
av_dlog(asf, "key:%d stream:%d seq:%d offset:%d replic_size:%d\n",
asf->packet_key_frame, asf->stream_index, asf->packet_seq,
asf->packet_frag_offset, asf->packet_replic_size);
- if (rsize+asf->packet_replic_size > asf->packet_size_left) {
+ if (rsize+(int64_t)asf->packet_replic_size > asf->packet_size_left) {
av_log(s, AV_LOG_ERROR, "packet_replic_size %d is invalid\n", asf->packet_replic_size);
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list