[FFmpeg-cvslog] diracdec: avoid overflow of bytes*8 in decode_lowdelay
Andreas Cadhalpun
git at videolan.org
Wed May 6 01:16:49 CEST 2015
ffmpeg | branch: master | Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> | Tue May 5 22:10:44 2015 +0200| [9e66b39aa87eb653a6e5d15f70b792ccbf719de7] | committer: Michael Niedermayer
diracdec: avoid overflow of bytes*8 in decode_lowdelay
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9e66b39aa87eb653a6e5d15f70b792ccbf719de7
---
libavcodec/diracdec.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 4230a06..adbe331 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -801,7 +801,10 @@ static int decode_lowdelay(DiracContext *s)
slice_num++;
buf += bytes;
- bufsize -= bytes*8;
+ if (bufsize/8 >= bytes)
+ bufsize -= bytes*8;
+ else
+ bufsize = 0;
}
avctx->execute(avctx, decode_lowdelay_slice, slices, NULL, slice_num,
More information about the ffmpeg-cvslog
mailing list