aboutsummaryrefslogtreecommitdiffstats
path: root/presets
diff options
context:
space:
mode:
authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2020-09-20 17:33:23 +0200
committerAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2020-09-20 20:06:55 +0200
commit5b33f523d736a11c9db88f998708c6f67691f445 (patch)
treec0b538de62a5a3f3cc890b499fe218a665c25386 /presets
parent913aa4204a2a2e0f3588f628441bf8d6edc12db7 (diff)
downloadffmpeg-5b33f523d736a11c9db88f998708c6f67691f445.tar.gz
avformat/aaxdec: Fix potential integer overflow
The AAX demuxer reads a 32bit number containing the amount of entries of an array and stores it in an uint32_t. Yet when iterating over this array, a loop counter of type int is used. This leads to undefined behaviour if the amount of entries is not in the range of int; to avoid this, it is generally good to use the same type for the loop counter as for the variable it is compared to. This is done in one of the two loops affected by this. In the other loop, the undefined behaviour can begin even earlier: Here the loop counter is multiplied by an uint16_t which can overflow as soon as the loop counter is > 2^15. Using an unsigned type would avoid the undefined behaviour, but truncation would still be possible, so use an uint64_t. Also use an uint32_t for a variable containing an index in said array. This fixes Coverity issue #1466767. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Diffstat (limited to 'presets')
0 files changed, 0 insertions, 0 deletions