[Ffmpeg-devel] integer overflow in huffyuv.c:decode_frame()
Tomas Carnecky
tom
Sat Mar 18 02:37:29 CET 2006
If buf_size is big enough, the integer overflows when computing the
third argument to init_get_bits() (line 811 in huffyuv.c).

Because the third argument will become negative, init_put_bits() sets
s->buffer to null, which then causes SIGSEGV later on when get_bits() is
called (line 824 in my case).

Please either check that buf_size is small enough (e.g. smaller than
INT_MAX/8) or make the third argument unsigned, or any other solution
that suits your coding preferences.
tom
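
The bounds check the message asks for, as an added example that is not part of the original post and not FFmpeg's code. `BitReader`, `bit_reader_init()` and `wrapped_bit_count()` are hypothetical stand-ins, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a bit reader sized by a signed int bit count. */
typedef struct {
    const uint8_t *buffer;
    int size_in_bits;
} BitReader;

/* Value a 32-bit signed "buf_size * 8" wraps to, computed without
 * undefined behaviour (unsigned multiply, then mapped back to signed). */
static int64_t wrapped_bit_count(int32_t buf_size)
{
    uint32_t low = (uint32_t)buf_size * 8u;
    return low > (uint32_t)INT32_MAX ? (int64_t)low - 4294967296LL : (int64_t)low;
}

/* Checked initialiser: reject sizes whose bit count does not fit in int
 * before multiplying, so the reader never sees a negative size. */
static int bit_reader_init(BitReader *br, const uint8_t *buf, int buf_size)
{
    br->buffer = NULL;
    br->size_in_bits = 0;
    if (!buf || buf_size < 0 || buf_size > INT_MAX / 8)
        return -1;
    br->buffer = buf;
    br->size_in_bits = buf_size * 8;   /* cannot overflow after the check */
    return 0;
}

int main(void)
{
    /* Constructed sample bytes; the large sizes only exercise the size
     * check, nothing is read from the buffer. */
    static const uint8_t data[4] = { 0x12, 0x34, 0x56, 0x78 };
    const int sizes[] = { 4, INT_MAX / 8, INT_MAX / 8 + 1, INT_MAX };
    BitReader br;

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int rc = bit_reader_init(&br, data, sizes[i]);
        printf("buf_size=%d unchecked=%lld checked=%s bits=%d\n", sizes[i],
               (long long)wrapped_bit_count(sizes[i]),
               rc == 0 ? "ok" : "rejected", br.size_in_bits);
    }
    return 0;
}
```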