[FFmpeg-devel] [PATCH] lsws: prevent overflow in sws_init_context()
Michael Niedermayer
michaelni at gmx.at
Mon Apr 25 02:29:38 CEST 2011
On Mon, Apr 25, 2011 at 01:28:26AM +0200, Stefano Sabatini wrote:
> In the loop:
> for (i=0; i<dstH; i++) {
> int chrI= i*c->chrDstH / dstH;
>
> when i*c->chrDstH > INT_MAX this leads to an integer overflow, which
> results in a negative value for chrI and in out-of-buffer reads. The
> overflow is avoided by forcing int64_t arithmetic by casting i to
> int64_t.
>
> Fix crash, and trac issue #72.
ok & thx
[..]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110425/4ab1568c/attachment.asc>
More information about the ffmpeg-devel
mailing list