[FFmpeg-cvslog] avcodec/mss2: Fix integer overflow

Michael Niedermayer git at videolan.org
Wed Jul 1 20:58:31 CEST 2015


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Jul  1 20:29:44 2015 +0200| [ce81e47c911fcff4f006b3b14b40a396eaa77696] | committer: Michael Niedermayer

avcodec/mss2: Fix integer overflow

This also simplifies the code
Fixes: signal_sigabrt_7ffff6ac8cc9_2943_cov_3588637614_mss2_speech.wmv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce81e47c911fcff4f006b3b14b40a396eaa77696
---

 libavcodec/mss2.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/mss2.c b/libavcodec/mss2.c
index f57685d..f788143 100644
--- a/libavcodec/mss2.c
+++ b/libavcodec/mss2.c
@@ -52,9 +52,9 @@ static void arith2_normalise(ArithCoder *c)
             c->value ^= 0x8000;
             c->low   ^= 0x8000;
         }
-        c->high  = c->high  << 8 & 0xFFFFFF | 0xFF;
-        c->value = c->value << 8 & 0xFFFFFF | bytestream2_get_byte(c->gbc.gB);
-        c->low   = c->low   << 8 & 0xFFFFFF;
+        c->high  = (uint16_t)c->high  << 8  | 0xFF;
+        c->value = (uint16_t)c->value << 8  | bytestream2_get_byte(c->gbc.gB);
+        c->low   = (uint16_t)c->low   << 8;
     }
 }
 



More information about the ffmpeg-cvslog mailing list