[FFmpeg-devel] [libav-devel] [PATCH] hqx: correct type and size check of info_offset
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Fri Nov 20 00:52:02 CET 2015
On 16.11.2015 12:55, Vittorio Giovara wrote:
> On Sun, Nov 15, 2015 at 10:50 AM, Andreas Cadhalpun
> <andreas.cadhalpun at gmail.com> wrote:
>> It is used as size argument of ff_canopus_parse_info_tag, which uses it
>> as size argument to bytestream2_init, which only supports sizes up to
>> INT_MAX.
>> Changing it's type to unsigned simplifies the check.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavcodec/hqx.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavcodec/hqx.c b/libavcodec/hqx.c
>> index 8060c7a..138d960 100644
>> --- a/libavcodec/hqx.c
>> +++ b/libavcodec/hqx.c
>> @@ -417,8 +417,8 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
>>
>> info_tag = AV_RL32(src);
>> if (info_tag == MKTAG('I', 'N', 'F', 'O')) {
>> - int info_offset = AV_RL32(src + 4);
>> - if (info_offset > UINT32_MAX - 8 || info_offset + 8 > avpkt->size) {
>> + unsigned info_offset = AV_RL32(src + 4);
>> + if (info_offset > INT_MAX || info_offset + 8 > avpkt->size) {
>> av_log(avctx, AV_LOG_ERROR,
>> "Invalid INFO header offset: 0x%08"PRIX32" is too large.\n",
>> info_offset);
>> --
>> 2.6.2
>
> lgtm, thanks
Pushed.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list