author | Stefano Sabatini <stefano.sabatini-lala@poste.it> | 2011-04-25 01:17:08 +0200 |
---|---|---|
committer | Stefano Sabatini <stefano.sabatini-lala@poste.it> | 2011-04-25 22:45:19 +0200 |
commit | bd2a3700c045201b043a0e812d932e9d4fc37e82 (patch) | |
tree | 89ee8bc25a24b2ee908fec411ffca952b0e51e89 /libswscale/utils.c | |
parent | 1d6c82d40541936fe67061a8374b5bae8fbc4cbb (diff) | |
download | ffmpeg-bd2a3700c045201b043a0e812d932e9d4fc37e82.tar.gz |
lsws: prevent overflow in sws_init_context()

In the loop:

    for (i=0; i<dstH; i++) {
        int chrI= i*c->chrDstH / dstH;

when i*c->chrDstH > INT_MAX this leads to an integer overflow, which
results in a negative value for chrI and in out-of-buffer reads. The
overflow is avoided by forcing int64_t arithmetic by casting i to
int64_t.

Fix crash, and trac issue #72.

Signed-off-by: Stefano Sabatini <stefano.sabatini-lala@poste.it>
Diffstat (limited to 'libswscale/utils.c')
-rw-r--r-- | libswscale/utils.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libswscale/utils.c b/libswscale/utils.c index 6e8e40b5cc..1f4a6c41cd 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -1000,7 +1000,7 @@ int sws_init_context(SwsContext *c, SwsFilter *srcFilter, SwsFilter *dstFilter) c->vLumBufSize= c->vLumFilterSize; c->vChrBufSize= c->vChrFilterSize; for (i=0; i<dstH; i++) { - int chrI= i*c->chrDstH / dstH; + int chrI= (int64_t)i*c->chrDstH / dstH; int nextSlice= FFMAX(c->vLumFilterPos[i ] + c->vLumFilterSize - 1, ((c->vChrFilterPos[chrI] + c->vChrFilterSize - 1)<<c->chrSrcVSubSample)); |
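Review bot: the 64-bit result of `(int64_t)i*c->chrDstH / dstH` is narrowed straight back into `int chrI` with no comment saying why that is safe. It holds only because the loop guarantees `i < dstH`, so the quotient stays below `c->chrDstH`. A one-line comment stating that invariant next to the cast would keep a later change to the loop bounds from silently reintroducing a bad index into `c->vChrFilterPos[chrI]`. The cast also only covers this one product: the context line just below still computes `(c->vChrFilterPos[chrI] + c->vChrFilterSize - 1)<<c->chrSrcVSubSample` without widening, so it is worth confirming that this shift cannot overflow for the same large dimensions that triggered the crash. Since the root cause is that `dstH` and `c->chrDstH` can be large enough for their product to exceed INT_MAX, rejecting such dimensions before the loop would be a more robust guard than widening individual expressions.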