[FFmpeg-cvslog] avidec: fix signed overflow in avi_sync()

Tue Oct 11 03:52:33 CEST 2011

ffmpeg | branch: master | Mans Rullgard <mans at mansr.com> | Sat Oct  8 01:51:37 2011 +0100| [1703013cb7f06bb6304cbf3c5fd650d8076ee295] | committer: Mans Rullgard

avidec: fix signed overflow in avi_sync()

Keeping byte values read from the file as unsigned is consistent
with how they are subsequently used and avoids an undefined left
shift by 24 when bit 7 is set.

Signed-off-by: Mans Rullgard <mans at mansr.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1703013cb7f06bb6304cbf3c5fd650d8076ee295
---

 libavformat/avidec.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 81f72d3..da92353 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -843,7 +843,8 @@ static int avi_sync(AVFormatContext *s, int exit_early)
 {
     AVIContext *avi = s->priv_data;
     AVIOContext *pb = s->pb;
-    int n, d[8];
+    int n;
+    unsigned int d[8];
     unsigned int size;
     int64_t i, sync;
 
@@ -860,7 +861,7 @@ start_sync:
 
         n= get_stream_idx(d+2);
 //av_log(s, AV_LOG_DEBUG, "%X %X %X %X %X %X %X %X %"PRId64" %d %d\n", d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], i, size, n);
-        if(i + (uint64_t)size > avi->fsize || d[0]<0)
+        if(i + (uint64_t)size > avi->fsize || d[0] > 127)
             continue;
 
         //parse ix##

