authorMartin Boehme <boehme@inb.uni-luebeck.de>2005-07-25 23:07:27 +0000
committerMichael Niedermayer <michaelni@gmx.at>2005-07-25 23:07:27 +0000
commitacb22f9391039f8dde736f9453f351f58b04808d (patch)
treee59b28c2561dd4c8a5de6564a5cde75725c7d1d1
parentd8cbeba1563f3e481aba7a4c72fa54c9b961ebdc (diff)
downloadffmpeg-acb22f9391039f8dde736f9453f351f58b04808d.tar.gz
Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)
This integer overflow might lead to the execution of arbitrary code during encoding with threads. Originally committed as revision 4474 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavcodec/mpegvideo.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index a6017136e1..87a56ffa56 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -2316,8 +2316,8 @@ int MPV_encode_picture(AVCodecContext *avctx,
int start_y= s->thread_context[i]->start_mb_y;
int end_y= s->thread_context[i]-> end_mb_y;
int h= s->mb_height;
- uint8_t *start= buf + buf_size*start_y/h;
- uint8_t *end = buf + buf_size* end_y/h;
+ uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+ uint8_t *end = buf + (size_t)(((int64_t) buf_size)* end_y/h);
init_put_bits(&s->thread_context[i]->pb, start, end - start);
}
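Review bot: The `(size_t)` cast on the two added lines turns any negative quotient into a very large pointer offset. The slice pointers are therefore only safe if `buf_size >= 0`, `h > 0` and `0 <= start_y <= end_y <= h`, and none of these is checked in the visible lines. The loop and the body of MPV_encode_picture begin outside the hunk, so these bounds may already be established earlier. If they are not, an assertion before the pointer arithmetic, for example `assert(buf_size >= 0 && h > 0 && start_y >= 0 && start_y <= end_y && end_y <= h);`, would enforce them and keep `end - start` non-negative when it reaches init_put_bits. A short comment such as `/* widen to 64 bit: buf_size * mb_y can exceed INT_MAX */` above the two lines would also stop a later cleanup from dropping the `int64_t` cast as redundant.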