[Ffmpeg-cvslog] CVS: ffmpeg/libavcodec mpegvideo.c,1.486,1.487

Michael Niedermayer CVS michael
Tue Jul 26 01:07:30 CEST 2005


Update of /cvsroot/ffmpeg/ffmpeg/libavcodec
In directory mail:/var2/tmp/cvs-serv7818

Modified Files:
	mpegvideo.c 
Log Message:
Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)
this integer overflow might lead to the execution of arbitrary code during encoding with threads


Index: mpegvideo.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/mpegvideo.c,v
retrieving revision 1.486
retrieving revision 1.487
diff -u -d -r1.486 -r1.487
--- mpegvideo.c	14 Jul 2005 21:39:35 -0000	1.486
+++ mpegvideo.c	25 Jul 2005 23:07:27 -0000	1.487
@@ -2316,8 +2316,8 @@
         int start_y= s->thread_context[i]->start_mb_y;
         int   end_y= s->thread_context[i]->  end_mb_y;
         int h= s->mb_height;
-        uint8_t *start= buf + buf_size*start_y/h;
-        uint8_t *end  = buf + buf_size*  end_y/h;
+        uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+        uint8_t *end  = buf + (size_t)(((int64_t) buf_size)*  end_y/h);
 
         init_put_bits(&s->thread_context[i]->pb, start, end - start);
     }





More information about the ffmpeg-cvslog mailing list