[FFmpeg-devel] [PATCH] lsws: prevent overflow in sws_init_context()

Michael Niedermayer michaelni at gmx.at
Mon Apr 25 02:29:38 CEST 2011


On Mon, Apr 25, 2011 at 01:28:26AM +0200, Stefano Sabatini wrote:
> In the loop:
>     for (i=0; i<dstH; i++) {
>         int chrI= i*c->chrDstH / dstH;
> 
> when i*c->chrDstH > INT_MAX this leads to an integer overflow, which
> results in a negative value for chrI and in out-of-buffer reads. The
> overflow is avoided by forcing int64_t arithmetic by casting i to
> int64_t.
> 
> Fix crash, and trac issue #72.

ok & thx

[..]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110425/4ab1568c/attachment.asc>


More information about the ffmpeg-devel mailing list