aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2014-12-17 03:14:21 +0100
committerMichael Niedermayer <michaelni@gmx.at>2014-12-17 05:24:50 +0100
commit42b7d224bc5918f495cf18a79851be6eb88598ee (patch)
treefea404e093d3c1026b90d812eb1a288e82f89010
parent45bb57e009e444639399682fde583a4379ebbda9 (diff)
downloadffmpeg-42b7d224bc5918f495cf18a79851be6eb88598ee.tar.gz
avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3305acdc92fa37869f160a11a87741c8a0de0454) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat
-rw-r--r--libavcodec/indeo3.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index a94b087bed..da7dd8394b 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -95,7 +95,7 @@ typedef struct Indeo3DecodeContext {
int16_t width, height;
uint32_t frame_num; ///< current frame number (zero-based)
- uint32_t data_size; ///< size of the frame data in bytes
+ int data_size; ///< size of the frame data in bytes
uint16_t frame_flags; ///< frame properties
uint8_t cb_offset; ///< needed for selecting VQ tables
uint8_t buf_sel; ///< active frame buffer: 0 - primary, 1 -secondary
@@ -897,7 +897,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
{
const uint8_t *buf_ptr = buf, *bs_hdr;
uint32_t frame_num, word2, check_sum, data_size;
- uint32_t y_offset, u_offset, v_offset, starts[3], ends[3];
+ int y_offset, u_offset, v_offset;
+ uint32_t starts[3], ends[3];
uint16_t height, width;
int i, j;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 22:24:03 +0000