[FFmpeg-devel] [PATCH] check for overflow in wmv decoding (roundup issue 1670)

Daniel Kang daniel.d.kang
Sun Jan 2 23:35:17 CET 2011

On Sun, Jan 2, 2011 at 4:53 PM, Daniel Kang <daniel.d.kang at gmail.com> wrote:

> As part of a Google Code-In task, I have written a patch to fix the bug
> in roundup issue 1670. The issue occurs because there is a sanity check
> on s->avctx->extradata_size, but not on s->avctx->extradata_size*8,
> which overflows in some cases. My patch updates the sanity check.
> Are there any comments?
I have been informed (thanks to uau) that a better way to solve this is
the attached patch. Instead of checking for overflow, the init_get_bits
only sets 32 bits, as the function reads 25 bits.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wmv_crash_fix.diff
Type: application/octet-stream
Size: 794 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20110102/9dbc55a1/attachment.obj>

More information about the ffmpeg-devel mailing list