[FFmpeg-cvslog] escape124: fix integer overflow leading to excessive memory allocation

Michael Niedermayer git at videolan.org
Thu Aug 16 22:34:57 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Aug 16 22:28:29 2012 +0200| [3d7817048cb387de87600f2152075f78b37b60a6] | committer: Michael Niedermayer

escape124: fix integer overflow leading to excessive memory allocation

Fixes Ticket1629

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d7817048cb387de87600f2152075f78b37b60a6
---

 libavcodec/escape124.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c
index 12569c1..0ef16b5 100644
--- a/libavcodec/escape124.c
+++ b/libavcodec/escape124.c
@@ -48,7 +48,7 @@ typedef struct Escape124Context {
     CodeBook codebooks[3];
 } Escape124Context;
 
-static int can_safely_read(GetBitContext* gb, int bits) {
+static int can_safely_read(GetBitContext* gb, uint64_t bits) {
     return get_bits_left(gb) >= bits;
 }
 
@@ -90,7 +90,7 @@ static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth,
     unsigned i, j;
     CodeBook cb = { 0 };
 
-    if (!can_safely_read(gb, size * 34))
+    if (!can_safely_read(gb, size * 34L))
         return cb;
 
     if (size >= INT_MAX / sizeof(MacroBlock))



More information about the ffmpeg-cvslog mailing list