[Ffmpeg-devel] integer overflow in huffyuv.c:decode_frame()
Michael Niedermayer
michaelni
Sat Mar 18 03:30:49 CET 2006
Hi
On Sat, Mar 18, 2006 at 02:37:29AM +0100, Tomas Carnecky wrote:
> if buf_size is big enough, the integer overflows when computing the
> third argument to init_get_bits() (line 811 in huffyuv.c).
> because the third argument will become negative init_put_bits() sets
> s->buffer to null which then causes SIGSEGV later on when get_bits() is
> called (line 824 in my case).
>
> Please either check that buf_size is small enough (eg amaller than
> INT_MAX/8) or make the third argument unsigned, or any other solution
> that suits your coding preferences.
fixed
[...]
--
Michael
More information about the ffmpeg-devel
mailing list