aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Cadhalpun <andreas.cadhalpun@googlemail.com>2015-05-05 22:10:44 +0200
committerMichael Niedermayer <michaelni@gmx.at>2015-06-01 23:25:22 +0200
commit68c11b665458bf43d5f751131c43c6e402e5e02f (patch)
tree1027b47437f23411b66bf8d89f202970c547e12d
parent10429a5284cd820c0a641622749b07dbc02d703f (diff)
downloadffmpeg-68c11b665458bf43d5f751131c43c6e402e5e02f.tar.gz
diracdec: avoid overflow of bytes*8 in decode_lowdelay
If bytes is large enough, bytes*8 can overflow and become negative. In that case 'bufsize -= bytes*8' causes bufsize to increase instead of decrease. This leads to a segmentation fault. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9e66b39aa87eb653a6e5d15f70b792ccbf719de7) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat
-rw-r--r--libavcodec/diracdec.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index a6b52e0016..533f37b460 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -799,7 +799,10 @@ static void decode_lowdelay(DiracContext *s)
slice_num++;
buf += bytes;
- bufsize -= bytes*8;
+ if (bufsize/8 >= bytes)
+ bufsize -= bytes*8;
+ else
+ bufsize = 0;
}
avctx->execute(avctx, decode_lowdelay_slice, slices, NULL, slice_num,
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 20:31:39 +0000