[FFmpeg-cvslog] avcodec/mpeg12dec: Fix integer overflow

Michael Niedermayer git at videolan.org
Wed Sep 2 21:29:44 CEST 2015


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Sep  2 21:11:07 2015 +0200| [863522431fb2fc7d35fce582fcaacdcf37fc3c44] | committer: Michael Niedermayer

avcodec/mpeg12dec: Fix integer overflow

Fixes: signal_sigabrt_7ffff6ac8cc9_686_cov_1897408623_microsoft_new_way_to_shove_mpeg2_in_asf.dvr_ms

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=863522431fb2fc7d35fce582fcaacdcf37fc3c44
---

 libavcodec/mpeg12dec.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index 40600d9..0731605 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -1490,7 +1490,7 @@ static void mpeg_decode_sequence_extension(Mpeg1Context *s1)
     s->width  |= (horiz_size_ext << 12);
     s->height |= (vert_size_ext  << 12);
     bit_rate_ext = get_bits(&s->gb, 12);  /* XXX: handle it */
-    s->bit_rate += (bit_rate_ext << 18) * 400;
+    s->bit_rate += (bit_rate_ext << 18) * 400LL;
     check_marker(&s->gb, "after bit rate extension");
     s->avctx->rc_buffer_size += get_bits(&s->gb, 8) * 1024 * 16 << 10;
 
@@ -2175,7 +2175,7 @@ static int mpeg1_decode_sequence(AVCodecContext *avctx,
                "frame_rate_index %d is invalid\n", s->frame_rate_index);
         s->frame_rate_index = 1;
     }
-    s->bit_rate = get_bits(&s->gb, 18) * 400;
+    s->bit_rate = get_bits(&s->gb, 18) * 400LL;
     if (check_marker(&s->gb, "in sequence header") == 0) {
         return AVERROR_INVALIDDATA;
     }



More information about the ffmpeg-cvslog mailing list