ffmpeg | branch: release/2.5 | wm4 <nfx...@googlemail.com> | Tue Feb 3 19:04:11 2015 +0100| [352d17086fd00e48fa0885113abaedc58a40adc8] | committer: Michael Niedermayer
avformat/mpc8: fix broken pointer math This could overflow and crash at least on 32 bit systems. Reviewed-by: Reimar Döffinger <reimar.doeffin...@gmx.de> Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=352d17086fd00e48fa0885113abaedc58a40adc8 --- libavformat/mpc8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 722d0ee..6524c7e 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -91,7 +91,7 @@ static int mpc8_probe(AVProbeData *p) size = bs_get_v(&bs); if (size < 2) return 0; - if (bs + size - 2 >= bs_end) + if (size >= bs_end - bs + 2) return AVPROBE_SCORE_EXTENSION - 1; // seems to be valid MPC but no header yet if (header_found) { if (size < 11 || size > 28) _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
