[FFmpeg-cvslog] avcodec/mpeg12dec: Fix integer overflow
Michael Niedermayer
git at videolan.org
Wed Sep 2 21:29:44 CEST 2015
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Sep 2 21:11:07 2015 +0200| [863522431fb2fc7d35fce582fcaacdcf37fc3c44] | committer: Michael Niedermayer
avcodec/mpeg12dec: Fix integer overflow
Fixes: signal_sigabrt_7ffff6ac8cc9_686_cov_1897408623_microsoft_new_way_to_shove_mpeg2_in_asf.dvr_ms
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=863522431fb2fc7d35fce582fcaacdcf37fc3c44
---
libavcodec/mpeg12dec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index 40600d9..0731605 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -1490,7 +1490,7 @@ static void mpeg_decode_sequence_extension(Mpeg1Context *s1)
s->width |= (horiz_size_ext << 12);
s->height |= (vert_size_ext << 12);
bit_rate_ext = get_bits(&s->gb, 12); /* XXX: handle it */
- s->bit_rate += (bit_rate_ext << 18) * 400;
+ s->bit_rate += (bit_rate_ext << 18) * 400LL;
check_marker(&s->gb, "after bit rate extension");
s->avctx->rc_buffer_size += get_bits(&s->gb, 8) * 1024 * 16 << 10;
@@ -2175,7 +2175,7 @@ static int mpeg1_decode_sequence(AVCodecContext *avctx,
"frame_rate_index %d is invalid\n", s->frame_rate_index);
s->frame_rate_index = 1;
}
- s->bit_rate = get_bits(&s->gb, 18) * 400;
+ s->bit_rate = get_bits(&s->gb, 18) * 400LL;
if (check_marker(&s->gb, "in sequence header") == 0) {
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list