asfdec: fix integer overflow in packet_replic_size check

Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-01-31 03:36:59 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-01-31 03:37:43 +0100
commit: fe6767f849d9cfe51f422de9d807137d756de7aa (patch)
tree: acdb90686b2a07540a15a4eb20bde77324d46eb3 /libavformat/asfdec.c
parent: 2b6a8187a6ae7407498888298e8d59f90cf94f9d (diff)
download: ffmpeg-fe6767f849d9cfe51f422de9d807137d756de7aa.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 5c2cf8b9b0..465d9e5792 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -943,7 +943,7 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){
     av_dlog(asf, "key:%d stream:%d seq:%d offset:%d replic_size:%d\n",
             asf->packet_key_frame, asf->stream_index, asf->packet_seq,
             asf->packet_frag_offset, asf->packet_replic_size);
-    if (rsize+asf->packet_replic_size > asf->packet_size_left) {
+    if (rsize+(int64_t)asf->packet_replic_size > asf->packet_size_left) {
         av_log(s, AV_LOG_ERROR, "packet_replic_size %d is invalid\n", asf->packet_replic_size);
         return AVERROR_INVALIDDATA;
     }
author	Michael Niedermayer <michaelni@gmx.at>	2013-01-31 03:36:59 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-01-31 03:37:43 +0100
commit	fe6767f849d9cfe51f422de9d807137d756de7aa (patch)
tree	acdb90686b2a07540a15a4eb20bde77324d46eb3 /libavformat/asfdec.c
parent	2b6a8187a6ae7407498888298e8d59f90cf94f9d (diff)
download	ffmpeg-fe6767f849d9cfe51f422de9d807137d756de7aa.tar.gz