aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/diracdec.c
diff options
context:
space:
mode:
authorAndreas Cadhalpun <andreas.cadhalpun@googlemail.com>2015-05-05 22:10:44 +0200
committerMichael Niedermayer <michaelni@gmx.at>2015-05-21 20:43:37 +0200
commit448d6488b14179462e28933594d84668aad20d1c (patch)
treeec18f95349a036f721851b6de441c0e74c5ad184 /libavcodec/diracdec.c
parente67181a3518f6c6cc687aa5d4d625b067e252ad1 (diff)
downloadffmpeg-448d6488b14179462e28933594d84668aad20d1c.tar.gz
diracdec: avoid overflow of bytes*8 in decode_lowdelay
If bytes is large enough, bytes*8 can overflow and become negative. In that case 'bufsize -= bytes*8' causes bufsize to increase instead of decrease. This leads to a segmentation fault. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9e66b39aa87eb653a6e5d15f70b792ccbf719de7) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/diracdec.c')
-rw-r--r--libavcodec/diracdec.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 09ca077fe3..edb56a6e99 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -799,7 +799,10 @@ static void decode_lowdelay(DiracContext *s)
slice_num++;
buf += bytes;
- bufsize -= bytes*8;
+ if (bufsize/8 >= bytes)
+ bufsize -= bytes*8;
+ else
+ bufsize = 0;
}
avctx->execute(avctx, decode_lowdelay_slice, slices, NULL, slice_num,