[FFmpeg-cvslog] avformat/mpc8: fix broken pointer math
wm4
git at videolan.org
Tue Feb 17 19:49:55 CET 2015
ffmpeg | branch: release/2.2 | wm4 <nfxjfg at googlemail.com> | Tue Feb 3 19:04:11 2015 +0100| [79d86b844f084b884363396da4ebb561e7c42a73] | committer: Michael Niedermayer
avformat/mpc8: fix broken pointer math
This could overflow and crash at least on 32 bit systems.
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79d86b844f084b884363396da4ebb561e7c42a73
---
libavformat/mpc8.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c
index 4ddee6a..589c2f7 100644
--- a/libavformat/mpc8.c
+++ b/libavformat/mpc8.c
@@ -91,7 +91,7 @@ static int mpc8_probe(AVProbeData *p)
size = bs_get_v(&bs);
if (size < 2)
return 0;
- if (bs + size - 2 >= bs_end)
+ if (size >= bs_end - bs + 2)
return AVPROBE_SCORE_EXTENSION - 1; // seems to be valid MPC but no header yet
if (header_found) {
if (size < 11 || size > 28)
More information about the ffmpeg-cvslog
mailing list