[FFmpeg-cvslog] avcodec/mjpegdec: Fix integer overflow in shift
Michael Niedermayer
git at videolan.org
Thu Nov 27 19:37:19 CET 2014
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Nov 27 19:27:05 2014 +0100| [970a8f1c256f08d2f6414d573a54f2fa035c8e7a] | committer: Michael Niedermayer
avcodec/mjpegdec: Fix integer overflow in shift
Fixes: signal_sigabrt_7ffff6ac7bb9_2683_cov_4120310995_m_ijpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=970a8f1c256f08d2f6414d573a54f2fa035c8e7a
---
libavcodec/mjpegdec.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index f2c81e6..a29a533 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -244,7 +244,8 @@ int ff_mjpeg_decode_dht(MJpegDecodeContext *s)
int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
{
- int len, nb_components, i, width, height, bits, pix_fmt_id, ret;
+ int len, nb_components, i, width, height, bits, ret;
+ unsigned pix_fmt_id;
int h_count[MAX_COMPONENTS];
int v_count[MAX_COMPONENTS];
@@ -383,7 +384,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
else if (!s->lossless)
s->rgb = 0;
/* XXX: not complete test ! */
- pix_fmt_id = (s->h_count[0] << 28) | (s->v_count[0] << 24) |
+ pix_fmt_id = ((unsigned)s->h_count[0] << 28) | (s->v_count[0] << 24) |
(s->h_count[1] << 20) | (s->v_count[1] << 16) |
(s->h_count[2] << 12) | (s->v_count[2] << 8) |
(s->h_count[3] << 4) | s->v_count[3];
More information about the ffmpeg-cvslog
mailing list