[FFmpeg-devel] [PATCH] avcodec/pngdec: Don't use unsigned for width, height

[Andreas Rheinhardt]

Andreas Rheinhardt:
> Otherwise p->linesize[0] * y will be evaluated as an unsigned
> which leads to segfaults in case linesize is negative.
> This happens in the apng-dispose-previous FATE-test in case
> one makes get_buffer return pictures with negative linesizes.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> ---
>  libavcodec/pngdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
> index 582953d17b..3c3eca601e 100644
> --- a/libavcodec/pngdec.c
> +++ b/libavcodec/pngdec.c
> @@ -1387,7 +1387,7 @@ exit_loop:
>      if (s->has_trns && s->color_type != PNG_COLOR_TYPE_PALETTE) {
>          size_t byte_depth = s->bit_depth > 8 ? 2 : 1;
>          size_t raw_bpp = s->bpp - byte_depth;
> -        unsigned x, y;
> +        ptrdiff_t x, y;
>  
>          av_assert0(s->bit_depth > 1);
>  

Will apply this patch tomorrow unless there are objections.

- Andreas