RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix nalsize check to avoid an integer overflow that made the check 

incorrect for nalsize > INT_MAX - buf_index

Originally committed as revision 19307 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Reimar Döffinger 2009-06-30 12:11:29 +00:00
parent 0444a8c534
commit 8d8409ca9f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/h264.c
View File

@ -7505,7 +7505,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
nalsize = 0;
for(i = 0; i < h->nal_length_size; i++)
nalsize = (nalsize << 8) | buf[buf_index++];
if(nalsize <= 1 || (nalsize+buf_index > buf_size)){
if(nalsize <= 1 || nalsize > buf_size - buf_index){
if(nalsize == 1){
buf_index++;
continue;