diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-08-16 22:28:29 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-09-15 00:18:39 +0200 |
commit | 9f1e01c9915fe0c86ad2b8f50e11fee9e1b00c62 (patch) | |
tree | 9c91d68f04af69dfc0d6cd2cbdde2501163dd56f /libavcodec/escape124.c | |
parent | 450e4b1a60721d25f306d97062f35c9c3d7989f8 (diff) | |
download | ffmpeg-9f1e01c9915fe0c86ad2b8f50e11fee9e1b00c62.tar.gz |
escape124: fix integer overflow leading to excessive memory allocation
Fixes Ticket1629
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3d7817048cb387de87600f2152075f78b37b60a6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/escape124.c')
-rw-r--r-- | libavcodec/escape124.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c index 283a5d644a..8548ea08a4 100644 --- a/libavcodec/escape124.c +++ b/libavcodec/escape124.c @@ -48,7 +48,7 @@ typedef struct Escape124Context { CodeBook codebooks[3]; } Escape124Context; -static int can_safely_read(GetBitContext* gb, int bits) { +static int can_safely_read(GetBitContext* gb, uint64_t bits) { return get_bits_left(gb) >= bits; } @@ -90,7 +90,7 @@ static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth, unsigned i, j; CodeBook cb = { 0 }; - if (!can_safely_read(gb, size * 34)) + if (!can_safely_read(gb, size * 34L)) return cb; if (size >= INT_MAX / sizeof(MacroBlock)) |