[FFmpeg-cvslog] r19307 - trunk/libavcodec/h264.c

reimar subversion
Tue Jun 30 14:11:29 CEST 2009


Author: reimar
Date: Tue Jun 30 14:11:29 2009
New Revision: 19307

Log:
Fix nalsize check to avoid an integer overflow that made the check
incorrect for nalsize >= INT_MAX

Modified:
   trunk/libavcodec/h264.c

Modified: trunk/libavcodec/h264.c
==============================================================================
--- trunk/libavcodec/h264.c	Tue Jun 30 13:28:53 2009	(r19306)
+++ trunk/libavcodec/h264.c	Tue Jun 30 14:11:29 2009	(r19307)
@@ -7505,7 +7505,7 @@ static int decode_nal_units(H264Context 
             nalsize = 0;
             for(i = 0; i < h->nal_length_size; i++)
                 nalsize = (nalsize << 8) | buf[buf_index++];
-            if(nalsize <= 1 || (nalsize+buf_index > buf_size)){
+            if(nalsize <= 1 || nalsize > buf_size - buf_index){
                 if(nalsize == 1){
                     buf_index++;
                     continue;



More information about the ffmpeg-cvslog mailing list