4xmdec: fix integer overflow, null ptr dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-11-20 02:59:55 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2012-11-20 03:00:22 +0100
commit: aed128f07d142a7afc51f1f0c572a31b3b9bc2a6 (patch)
tree: 2c9fae4da286f51949f425a9bcb84e985a9b1c24 /libavcodec/4xm.c
parent: ed27ed9f4f72564f3653ac230cf57697de77f804 (diff)
download: ffmpeg-aed128f07d142a7afc51f1f0c572a31b3b9bc2a6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index bd70692273..bf0241a8f4 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -428,7 +428,7 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length)
         bytestream_size = FFMAX(length - bitstream_size - wordstream_size, 0);
     }
 
-    if (bitstream_size > length ||
+    if (bitstream_size > length || bitstream_size >= INT_MAX/8 ||
         bytestream_size > length - bitstream_size ||
         wordstream_size > length - bytestream_size - bitstream_size ||
         extra > length - bytestream_size - bitstream_size - wordstream_size) {
author	Michael Niedermayer <michaelni@gmx.at>	2012-11-20 02:59:55 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2012-11-20 03:00:22 +0100
commit	aed128f07d142a7afc51f1f0c572a31b3b9bc2a6 (patch)
tree	2c9fae4da286f51949f425a9bcb84e985a9b1c24 /libavcodec/4xm.c
parent	ed27ed9f4f72564f3653ac230cf57697de77f804 (diff)
download	ffmpeg-aed128f07d142a7afc51f1f0c572a31b3b9bc2a6.tar.gz