[SCM] libav/experimental: avcodec/fic: fix slice checks
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Aug 10 16:02:53 UTC 2014
The following commit has been merged in the experimental branch:
commit f34d3173fcfc7f3228095d509a64c4fa4b37b575
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Sat Feb 15 17:19:32 2014 +0100
avcodec/fic: fix slice checks
fix integer overflows
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
diff --git a/libavcodec/fic.c b/libavcodec/fic.c
index 90fda91..9453941 100644
--- a/libavcodec/fic.c
+++ b/libavcodec/fic.c
@@ -263,8 +263,8 @@ static int fic_decode_frame(AVCodecContext *avctx, void *data,
}
for (slice = 0; slice < nslices; slice++) {
- int slice_off = AV_RB32(src + tsize + FIC_HEADER_SIZE + slice * 4);
- int slice_size;
+ unsigned slice_off = AV_RB32(src + tsize + FIC_HEADER_SIZE + slice * 4);
+ unsigned slice_size;
int y_off = ctx->slice_h * slice;
int slice_h = ctx->slice_h;
@@ -279,11 +279,11 @@ static int fic_decode_frame(AVCodecContext *avctx, void *data,
slice_size = AV_RB32(src + tsize + FIC_HEADER_SIZE + slice * 4 + 4);
}
- slice_size -= slice_off;
-
- if (slice_off > msize || slice_off + slice_size > msize)
+ if (slice_size < slice_off || slice_size > msize)
continue;
+ slice_size -= slice_off;
+
ctx->slice_data[slice].src = sdata + slice_off;
ctx->slice_data[slice].src_size = slice_size;
ctx->slice_data[slice].slice_h = slice_h;
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list