[FFmpeg-cvslog] r19882 - trunk/libavformat/sierravmd.c
reimar
subversion
Wed Sep 16 17:12:23 CEST 2009
Author: reimar
Date: Wed Sep 16 17:12:23 2009
New Revision: 19882
Log:
Fix overflow check insufficiently improved in r19840.
It assumes that sizeof(vmd_frame) < 64k, otherwise an additional
check to ensure sound_buffers <= UINT_MAX / sizeof(vmd_frame) would be necessary.
Modified:
trunk/libavformat/sierravmd.c
Modified: trunk/libavformat/sierravmd.c
==============================================================================
--- trunk/libavformat/sierravmd.c Wed Sep 16 17:08:26 2009 (r19881)
+++ trunk/libavformat/sierravmd.c Wed Sep 16 17:12:23 2009 (r19882)
@@ -161,7 +161,7 @@ static int vmd_read_header(AVFormatConte
vmd->frame_table = NULL;
sound_buffers = AV_RL16(&vmd->vmd_header[808]);
raw_frame_table_size = vmd->frame_count * 6;
- if(vmd->frame_count * vmd->frames_per_block >= (UINT_MAX - sound_buffers) / sizeof(vmd_frame)){
+ if(vmd->frame_count * vmd->frames_per_block >= UINT_MAX / sizeof(vmd_frame) - sound_buffers){
av_log(s, AV_LOG_ERROR, "vmd->frame_count * vmd->frames_per_block too large\n");
return -1;
}
More information about the ffmpeg-cvslog
mailing list