[FFmpeg-cvslog] avcodec/indeo3: use signed variables to avoid underflow
Michael Niedermayer
git at videolan.org
Sun Dec 21 04:50:35 CET 2014
ffmpeg | branch: release/1.1 | Michael Niedermayer <michaelni at gmx.at> | Wed Dec 17 03:14:21 2014 +0100| [e78e2dc6e15d8699bf0b60299b0f7d5c20830c22] | committer: Michael Niedermayer
avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 3305acdc92fa37869f160a11a87741c8a0de0454)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e78e2dc6e15d8699bf0b60299b0f7d5c20830c22
---
libavcodec/indeo3.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index 9a93f57..85af622 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -94,7 +94,7 @@ typedef struct Indeo3DecodeContext {
int16_t width, height;
uint32_t frame_num; ///< current frame number (zero-based)
- uint32_t data_size; ///< size of the frame data in bytes
+ int data_size; ///< size of the frame data in bytes
uint16_t frame_flags; ///< frame properties
uint8_t cb_offset; ///< needed for selecting VQ tables
uint8_t buf_sel; ///< active frame buffer: 0 - primary, 1 -secondary
@@ -906,7 +906,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
GetByteContext gb;
const uint8_t *bs_hdr;
uint32_t frame_num, word2, check_sum, data_size;
- uint32_t y_offset, u_offset, v_offset, starts[3], ends[3];
+ int y_offset, u_offset, v_offset;
+ uint32_t starts[3], ends[3];
uint16_t height, width;
int i, j;
More information about the ffmpeg-cvslog
mailing list