diff options
author | Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> | 2015-05-05 22:10:44 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2015-05-21 20:43:37 +0200 |
commit | 448d6488b14179462e28933594d84668aad20d1c (patch) | |
tree | ec18f95349a036f721851b6de441c0e74c5ad184 /libavcodec/diracdec.c | |
parent | e67181a3518f6c6cc687aa5d4d625b067e252ad1 (diff) | |
download | ffmpeg-448d6488b14179462e28933594d84668aad20d1c.tar.gz |
diracdec: avoid overflow of bytes*8 in decode_lowdelay
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e66b39aa87eb653a6e5d15f70b792ccbf719de7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/diracdec.c')
-rw-r--r-- | libavcodec/diracdec.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 09ca077fe3..edb56a6e99 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -799,7 +799,10 @@ static void decode_lowdelay(DiracContext *s) slice_num++; buf += bytes; - bufsize -= bytes*8; + if (bufsize/8 >= bytes) + bufsize -= bytes*8; + else + bufsize = 0; } avctx->execute(avctx, decode_lowdelay_slice, slices, NULL, slice_num, |