RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

hqx: correct type and size check of info_offset 

It is used as size argument of ff_canopus_parse_info_tag, which uses it
as size argument to bytestream2_init, which only supports sizes up to
INT_MAX.
Changing it's type to unsigned simplifies the check.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun 2015-11-15 10:50:44 +01:00 committed by Vittorio Giovara
parent 0a8bff788b
commit 9fd2bf09db
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/hqx.c
View File

@ -417,8 +417,8 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
info_tag = AV_RL32(src); info_tag = AV_RL32(src);
if (info_tag == MKTAG('I', 'N', 'F', 'O')) { if (info_tag == MKTAG('I', 'N', 'F', 'O')) {
int info_offset = AV_RL32(src + 4); unsigned info_offset = AV_RL32(src + 4);
if (info_offset > UINT32_MAX - 8 || info_offset + 8 > avpkt->size) { if (info_offset > INT_MAX || info_offset + 8 > avpkt->size) {
av_log(avctx, AV_LOG_ERROR, av_log(avctx, AV_LOG_ERROR,
"Invalid INFO header offset: 0x%08"PRIX32" is too large.\n", "Invalid INFO header offset: 0x%08"PRIX32" is too large.\n",
info_offset); info_offset);