[FFmpeg-devel] [libav-devel] [PATCH] hqx: correct type and size check of info_offset
Vittorio Giovara
vittorio.giovara at gmail.com
Mon Nov 16 12:55:40 CET 2015
On Sun, Nov 15, 2015 at 10:50 AM, Andreas Cadhalpun
<andreas.cadhalpun at gmail.com> wrote:
> It is used as size argument of ff_canopus_parse_info_tag, which uses it
> as size argument to bytestream2_init, which only supports sizes up to
> INT_MAX.
> Changing it's type to unsigned simplifies the check.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/hqx.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/hqx.c b/libavcodec/hqx.c
> index 8060c7a..138d960 100644
> --- a/libavcodec/hqx.c
> +++ b/libavcodec/hqx.c
> @@ -417,8 +417,8 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
>
> info_tag = AV_RL32(src);
> if (info_tag == MKTAG('I', 'N', 'F', 'O')) {
> - int info_offset = AV_RL32(src + 4);
> - if (info_offset > UINT32_MAX - 8 || info_offset + 8 > avpkt->size) {
> + unsigned info_offset = AV_RL32(src + 4);
> + if (info_offset > INT_MAX || info_offset + 8 > avpkt->size) {
> av_log(avctx, AV_LOG_ERROR,
> "Invalid INFO header offset: 0x%08"PRIX32" is too large.\n",
> info_offset);
> --
> 2.6.2
lgtm, thanks
--
Vittorio
More information about the ffmpeg-devel
mailing list