[Ffmpeg-devel] integer overflow in huffyuv.c:decode_frame()

Tomas Carnecky tom
Sat Mar 18 02:37:29 CET 2006

if buf_size is big enough, the integer overflows when computing the
third argument to init_get_bits() (line 811 in huffyuv.c).
because the third argument will become negative init_put_bits() sets
s->buffer to null which then causes SIGSEGV later on when get_bits() is
called (line 824 in my case).

Please either check that buf_size is small enough (eg amaller than
INT_MAX/8) or make the third argument unsigned, or any other solution
that suits your coding preferences.


More information about the ffmpeg-devel mailing list