1. ffmpeg
  2. Commit 9f1e01c9915fe0c86ad2b8f50e11fee9e1b00c62
Browse code

escape124: fix integer overflow leading to excessive memory allocation

Fixes Ticket1629

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3d7817048cb387de87600f2152075f78b37b60a6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Michael Niedermayer authored on 2012/08/17 05:28:29
Showing 1 changed files
libavcodec/escape124.c
History View file @ 9f1e01c
... ... 
@@ -48,7 +48,7 @@ typedef struct Escape124Context {
48 48 
     CodeBook codebooks[3];
49 49 
 } Escape124Context;
50 50
51 
-static int can_safely_read(GetBitContext* gb, int bits) {
51 
+static int can_safely_read(GetBitContext* gb, uint64_t bits) {
52 52 
     return get_bits_left(gb) >= bits;
53 53 
 }
54 54
... ... 
@@ -90,7 +90,7 @@ static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth,
90 90 
     unsigned i, j;
91 91 
     CodeBook cb = { 0 };
92 92
93 
-    if (!can_safely_read(gb, size * 34))
93 
+    if (!can_safely_read(gb, size * 34L))
94 94 
         return cb;
95 95
96 96 
     if (size >= INT_MAX / sizeof(MacroBlock))