[FFmpeg-devel] oggparsevorbis.c vorbis_comment: check for negative size
matthieu castet
castet.matthieu
Sun Oct 7 14:38:10 CEST 2007
Attila Kinali wrote:
> On Sun, 7 Oct 2007 12:42:13 +0200
> Attila Kinali <attila at kinali.ch> wrote:
>
>
>> The segfault occurs, because s is read from the file but only
>> checked to be smaller than the limit, but not whether it is
>> positive, resulting in an overflow when it is a big negative number.
>>
>> Patch attached
>
> Updated patch. Missed another occurrence of the same problem.
Why don't you make s unsigned?
Matthieu
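
The bug class discussed in this thread, as an added example that is not FFmpeg's code and not part of the original messages: a length read from a file into a signed variable passes an upper-bound-only check when it is negative, while an unsigned length compared against the remaining bytes is rejected. The function names and the 4-byte little-endian length layout are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: 4-byte little-endian length, then the payload. */
const uint8_t sample_ok[]  = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
const uint8_t sample_neg[] = { 0xff, 0xff, 0xff, 0xff, 'x' }; /* -1 if signed */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern: signed length, upper bound only. Returns 1 when the check
 * lets the length through. No data is copied here, only the check is shown. */
int accepts_signed_upper_bound_only(const uint8_t *buf, size_t size)
{
    if (size < 4) return 0;
    int32_t s = (int32_t)rd_le32(buf);   /* wraps to negative on mainstream compilers */
    return (int64_t)s <= (int64_t)(size - 4);  /* a negative s passes */
}

/* Hardened pattern: the length stays unsigned and is compared against the
 * bytes that remain and the output capacity before any copy.
 * Returns the number of bytes copied, or -1 when the length is rejected. */
int64_t copy_field_checked(const uint8_t *buf, size_t size,
                           char *out, size_t out_size)
{
    if (size < 4 || out_size == 0) return -1;
    uint32_t s = rd_le32(buf);
    if (s > size - 4) return -1;         /* longer than the remaining input */
    if (s >= out_size) return -1;        /* no room for data plus terminator */
    memcpy(out, buf + 4, s);
    out[s] = '\0';
    return (int64_t)s;
}

int main(void)
{
    char out[16];
    printf("signed check accepts 0xffffffff: %d\n",
           accepts_signed_upper_bound_only(sample_neg, sizeof sample_neg));
    printf("unsigned check result: %lld\n",
           (long long)copy_field_checked(sample_neg, sizeof sample_neg, out, sizeof out));
    return 0;
}
```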