[Ffmpeg-devel] Re: Bethsoft VID demuxer and decoder
Tue Apr 3 23:49:58 CEST 2007
Nicholas T wrote:
> allocations? I don't see how the multiplication can overflow; sorry.
> Could you be more specific? The numbers are 256 or 320 for the width,
> multiplied by 200 for the height. Are you talking about integer
> overflow or memory overflow?
    vid->header.frame_width = AV_RL16(&scratch);
    vid->header.frame_height = AV_RL16(&scratch);
    uint8_t vidbuf_start[vid->header.frame_width *
                         vid->header.frame_height * 2];
The concern is that frame width & height are init'd to 0xFFFF (think of
a deliberately corrupted file). 0xFFFF * 0xFFFF * 2 = ... some big
number, bigger than 32 bits.
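
The overflow described in this reply, shown as an added example that is not part of the original post or of the patch under review: the size is computed in 64 bits from the two 16-bit header fields and validated before any allocation. The function names and the VID_MAX_BUF_BYTES cap are hypothetical, chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical upper bound on a frame buffer; not a value from the patch. */
#define VID_MAX_BUF_BYTES (16u * 1024u * 1024u)

/* What an unsigned 32-bit product of the two header fields wraps to.
 * With plain int operands the overflow would be undefined behaviour instead. */
static uint32_t wrapped_size32(uint16_t w, uint16_t h)
{
    return (uint32_t)w * (uint32_t)h * 2u;
}

/* Compute width * height * 2 in 64 bits and validate it.
 * Returns the buffer size in bytes, or 0 if the header must be rejected. */
static size_t checked_frame_buf_size(uint16_t w, uint16_t h)
{
    uint64_t size;

    if (w == 0 || h == 0)
        return 0;
    size = (uint64_t)w * h * 2;      /* worst case 0x1FFFC0002 fits in 64 bits */
    if (size > VID_MAX_BUF_BYTES)
        return 0;
    return (size_t)size;             /* caller allocates on the heap, not as a VLA */
}

int main(void)
{
    /* Constructed header values: the two sizes from the thread, then the corrupt case. */
    static const uint16_t dims[][2] = { {256, 200}, {320, 200}, {0xFFFF, 0xFFFF} };
    size_t i;

    for (i = 0; i < sizeof(dims) / sizeof(dims[0]); i++) {
        uint16_t w = dims[i][0], h = dims[i][1];
        size_t n = checked_frame_buf_size(w, h);

        if (n != 0)
            printf("%ux%u: %lu bytes\n", (unsigned)w, (unsigned)h, (unsigned long)n);
        else
            printf("%ux%u: rejected (32-bit product wraps to %lu)\n",
                   (unsigned)w, (unsigned)h, (unsigned long)wrapped_size32(w, h));
    }
    return 0;
}
```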