On Sun, Jul 02, 2017 at 20:48:17 +0530, Paras Chadha wrote: > + int64_t header_size = 0, data_size=0, ret, pcount=0, gcount=1, d; [...] > + header_size += 80; [...] > + header_size += 80; [...] > + header_size += 80; [...] > + for (i = 0; i < naxis; i++) { [...] > + header_size += 80; [...] > + header_size += 80; [...] > + while (strncmp(buf, "END", 3)) { [...] > + header_size += 80; > + } > + > + header_size = ceil(header_size/2880.0)*2880; > + if (header_size < 0) > + return AVERROR_INVALIDDATA;
How can this happen, except by integer overflow? > + if (data_size < 0) > + return AVERROR_INVALIDDATA; > + > + if (!data_size) { > + fits->image = 0; > + } else { > + data_size = ceil(data_size/2880.0)*2880; > + if (data_size < 0) > + return AVERROR_INVALIDDATA; How can this occur? Moritz
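Review bot: the `if (header_size < 0)` test that follows `header_size = ceil(header_size/2880.0)*2880;` cannot fire in defined behaviour. In the quoted lines header_size is an int64_t that starts at 0 and is only ever increased by 80, so it could become negative only through signed overflow, which is undefined in C and cannot be reliably detected after the fact. Either drop the test or bound the header length inside the `while (strncmp(buf, "END", 3))` loop before each addition. The rounding itself is better done in integer arithmetic, for example `header_size = (header_size + 2879) / 2880 * 2880;`, which avoids the round trip through double and its loss of precision above 2^53.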
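Review bot: the second `if (data_size < 0)`, in the else branch after `data_size = ceil(data_size/2880.0)*2880;`, is reached only with data_size > 0, because negative values have already returned and zero takes the other branch. Rounding up can then produce a negative value only if the result no longer fits in int64_t, and converting an out-of-range double to an integer is undefined rather than reliably negative. Test the bound before rounding, for example `if (data_size > INT64_MAX - 2879) return AVERROR_INVALIDDATA;`, and round with integer arithmetic. On style, the declaration writes `data_size=0` and `pcount=0` without spaces around `=`, unlike `header_size = 0` on the same line.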