[FFmpeg-cvslog] 4xmdec: fix integer overflow, null ptr dereference
Michael Niedermayer
git at videolan.org
Tue Nov 20 04:05:48 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Nov 20 02:59:55 2012 +0100| [aed128f07d142a7afc51f1f0c572a31b3b9bc2a6] | committer: Michael Niedermayer
4xmdec: fix integer overflow, null ptr dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aed128f07d142a7afc51f1f0c572a31b3b9bc2a6
---
libavcodec/4xm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index bd70692..bf0241a 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -428,7 +428,7 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length)
bytestream_size = FFMAX(length - bitstream_size - wordstream_size, 0);
}
- if (bitstream_size > length ||
+ if (bitstream_size > length || bitstream_size >= INT_MAX/8 ||
bytestream_size > length - bitstream_size ||
wordstream_size > length - bytestream_size - bitstream_size ||
extra > length - bytestream_size - bitstream_size - wordstream_size) {
More information about the ffmpeg-cvslog
mailing list