Mercurial > libavcodec.hg
comparison h264.c @ 9898:003d7f830e2a libavcodec
Fix nalsize check to avoid an integer overflow that made the check
incorrect for nalsize > INT_MAX - buf_index
| author | reimar |
|---|---|
| date | Tue, 30 Jun 2009 12:11:29 +0000 |
| parents | f86df3ebfef7 |
| children | d07aee233d03 |
comparison
equal
deleted
inserted
replaced
| 9897:d69eaf40d1b8 | 9898:003d7f830e2a |
|---|---|
| 7503 if(buf_index >= next_avc) { | 7503 if(buf_index >= next_avc) { |
| 7504 if(buf_index >= buf_size) break; | 7504 if(buf_index >= buf_size) break; |
| 7505 nalsize = 0; | 7505 nalsize = 0; |
| 7506 for(i = 0; i < h->nal_length_size; i++) | 7506 for(i = 0; i < h->nal_length_size; i++) |
| 7507 nalsize = (nalsize << 8) | buf[buf_index++]; | 7507 nalsize = (nalsize << 8) | buf[buf_index++]; |
| 7508 if(nalsize <= 1 || (nalsize+buf_index > buf_size)){ | 7508 if(nalsize <= 1 || nalsize > buf_size - buf_index){ |
| 7509 if(nalsize == 1){ | 7509 if(nalsize == 1){ |
| 7510 buf_index++; | 7510 buf_index++; |
| 7511 continue; | 7511 continue; |
| 7512 }else{ | 7512 }else{ |
| 7513 av_log(h->s.avctx, AV_LOG_ERROR, "AVC: nal size %d\n", nalsize); | 7513 av_log(h->s.avctx, AV_LOG_ERROR, "AVC: nal size %d\n", nalsize); |