ffmpeg | branch: release/2.7 | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Sun Nov 15 10:33:40 2015 +0100| [67ed1ee680b70c23c0262776e4807f0df734512b] | committer: Andreas Cadhalpun
hqx: correct type and size check of info_offset It is used as size argument of ff_canopus_parse_info_tag, which uses it as size argument to bytestream2_init, which only supports sizes up to INT_MAX. Changing it's type to unsigned simplifies the check. Reviewed-by: Vittorio Giovara <vittorio.giov...@gmail.com> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> (cherry picked from commit 1ed7fcd42af956979abf4e32cd3c9ee17622bbcb) Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67ed1ee680b70c23c0262776e4807f0df734512b --- libavcodec/hqx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hqx.c b/libavcodec/hqx.c index 44016ac..9db8a7f 100644 --- a/libavcodec/hqx.c +++ b/libavcodec/hqx.c @@ -417,8 +417,8 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data, info_tag = AV_RL32(src); if (info_tag == MKTAG('I', 'N', 'F', 'O')) { - int info_offset = AV_RL32(src + 4); - if (info_offset > UINT32_MAX - 8 || info_offset + 8 > avpkt->size) { + unsigned info_offset = AV_RL32(src + 4); + if (info_offset > INT_MAX || info_offset + 8 > avpkt->size) { av_log(avctx, AV_LOG_ERROR, "Invalid INFO header offset: 0x%08"PRIX32" is too large.\n", info_offset); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
