[FFmpeg-cvslog] hqx: correct type and size check of info_offset
Andreas Cadhalpun
git at videolan.org
Fri Nov 20 00:51:56 CET 2015
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Sun Nov 15 10:33:40 2015 +0100| [1ed7fcd42af956979abf4e32cd3c9ee17622bbcb] | committer: Andreas Cadhalpun
hqx: correct type and size check of info_offset
It is used as size argument of ff_canopus_parse_info_tag, which uses it
as size argument to bytestream2_init, which only supports sizes up to
INT_MAX.
Changing it's type to unsigned simplifies the check.
Reviewed-by: Vittorio Giovara <vittorio.giovara at gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ed7fcd42af956979abf4e32cd3c9ee17622bbcb
---
libavcodec/hqx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/hqx.c b/libavcodec/hqx.c
index 8060c7a..138d960 100644
--- a/libavcodec/hqx.c
+++ b/libavcodec/hqx.c
@@ -417,8 +417,8 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
info_tag = AV_RL32(src);
if (info_tag == MKTAG('I', 'N', 'F', 'O')) {
- int info_offset = AV_RL32(src + 4);
- if (info_offset > UINT32_MAX - 8 || info_offset + 8 > avpkt->size) {
+ unsigned info_offset = AV_RL32(src + 4);
+ if (info_offset > INT_MAX || info_offset + 8 > avpkt->size) {
av_log(avctx, AV_LOG_ERROR,
"Invalid INFO header offset: 0x%08"PRIX32" is too large.\n",
info_offset);
More information about the ffmpeg-cvslog
mailing list