[Ffmpeg-devel] integer overflow in huffyuv.c:decode_frame()

Michael Niedermayer michaelni
Sat Mar 18 03:30:49 CET 2006


On Sat, Mar 18, 2006 at 02:37:29AM +0100, Tomas Carnecky wrote:
> If buf_size is big enough, the integer overflows when computing the
> third argument to init_get_bits() (line 811 in huffyuv.c).
> Because the third argument will become negative, init_put_bits() sets
> s->buffer to null which then causes SIGSEGV later on when get_bits() is
> called (line 824 in my case).
> Please either check that buf_size is small enough (e.g. smaller than
> INT_MAX/8) or make the third argument unsigned, or any other solution
> that suits your coding preferences.
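
The overflow reported above, and the suggested `INT_MAX/8` bound, as an added example that is not part of the original thread and is not FFmpeg's code. `BitReader`, `bitreader_init`, `wrapped_bit_count` and `bitreader_init_checked` are hypothetical names, a 32-bit `int` is assumed, and the sample sizes are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bit reader (not FFmpeg's code): models the reported
 * behaviour where a negative bit count leaves the buffer NULL. */
typedef struct { const uint8_t *buffer; int size_in_bits; } BitReader;

static void bitreader_init(BitReader *br, const uint8_t *buf, int bit_size)
{
    if (bit_size < 0) { buf = NULL; bit_size = 0; }
    br->buffer = buf;
    br->size_in_bits = bit_size;
}

/* Value of buf_size * 8 after wrapping to 32 bits. Computed in unsigned
 * arithmetic because signed overflow is undefined behaviour in C. */
static int32_t wrapped_bit_count(int32_t buf_size)
{
    uint32_t u = (uint32_t)buf_size * 8u;
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Hardened init: validate the byte count before multiplying.
 * Returns 0 on success, -1 if the bit count would not fit in an int. */
static int bitreader_init_checked(BitReader *br, const uint8_t *buf, int buf_size)
{
    if (buf_size < 0 || buf_size > INT_MAX / 8)
        return -1;
    bitreader_init(br, buf, buf_size * 8);
    return 0;
}

int main(void)
{
    static const uint8_t data[4] = {0};   /* constructed placeholder buffer */
    /* Constructed claimed sizes: small, largest safe, wraps negative, wraps to 0. */
    const int32_t sizes[] = {4, INT32_MAX / 8, 0x10000000, 0x20000000};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        BitReader br;
        bitreader_init(&br, data, wrapped_bit_count(sizes[i]));
        printf("buf_size=%d wrapped_bits=%d buffer=%s checked=%d\n", (int)sizes[i],
               br.size_in_bits, br.buffer ? "set" : "NULL",
               bitreader_init_checked(&br, data, (int)sizes[i]));
    }
    return 0;
}
```

The last sample size wraps to 0 rather than to a negative value, so testing the product for negativity after the multiplication does not catch every overflow; the bound has to be checked on `buf_size` first.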


