[Ffmpeg-cvslog] CVS: ffmpeg/libavcodec mpegvideo.c,1.486,1.487
Michael Niedermayer CVS
michael
Tue Jul 26 01:07:30 CEST 2005
- Previous message: [Ffmpeg-cvslog] CVS: ffmpeg/tests regression.sh, 1.77, 1.78 ffmpeg.regression.ref, 1.141, 1.142 rotozoom.regression.ref, 1.96, 1.97 libav.regression.ref, 1.70, 1.71
- Next message: [Ffmpeg-cvslog] CVS: ffmpeg/doc ffmpeg-doc.texi,1.86,1.87
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvsroot/ffmpeg/ffmpeg/libavcodec
In directory mail:/var2/tmp/cvs-serv7818
Modified Files:
mpegvideo.c
Log Message:
Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)
this integer overflow might lead to the execution of arbitrary code during encoding with threads
Index: mpegvideo.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/mpegvideo.c,v
retrieving revision 1.486
retrieving revision 1.487
diff -u -d -r1.486 -r1.487
--- mpegvideo.c 14 Jul 2005 21:39:35 -0000 1.486
+++ mpegvideo.c 25 Jul 2005 23:07:27 -0000 1.487
@@ -2316,8 +2316,8 @@
int start_y= s->thread_context[i]->start_mb_y;
int end_y= s->thread_context[i]-> end_mb_y;
int h= s->mb_height;
- uint8_t *start= buf + buf_size*start_y/h;
- uint8_t *end = buf + buf_size* end_y/h;
+ uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+ uint8_t *end = buf + (size_t)(((int64_t) buf_size)* end_y/h);
init_put_bits(&s->thread_context[i]->pb, start, end - start);
}
- Previous message: [Ffmpeg-cvslog] CVS: ffmpeg/tests regression.sh, 1.77, 1.78 ffmpeg.regression.ref, 1.141, 1.142 rotozoom.regression.ref, 1.96, 1.97 libav.regression.ref, 1.70, 1.71
- Next message: [Ffmpeg-cvslog] CVS: ffmpeg/doc ffmpeg-doc.texi,1.86,1.87
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the ffmpeg-cvslog
mailing list