[FFmpeg-devel] oggparsevorbis.c vorbis_comment: check for negative size

matthieu castet castet.matthieu
Sun Oct 7 14:38:10 CEST 2007

Attila Kinali wrote:
> On Sun, 7 Oct 2007 12:42:13 +0200
> Attila Kinali <attila at kinali.ch> wrote:
>> The segfault occures, because s is read from the file but only
>> checked to be smaller than the limit, but not whether it is
>> positive, resulting in an overflow when it is a big negative number.
>> Patch attached
> Updated patch. Missed another occurence of the same problem.
Why doesn't you make s unsigned ?


More information about the ffmpeg-devel mailing list