# HG changeset patch
# User michael
# Date 1122332847 0
# Node ID 3137aae854c9197232816b8a47659075ea35ba3f
# Parent  af3a36e200108e62dd12f6f2ef93477149ecef03
Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)
this integer overflow might lead to the execution of arbitrary code during encoding with threads

diff -r af3a36e20010 -r 3137aae854c9 mpegvideo.c
--- a/mpegvideo.c	Mon Jul 25 14:35:01 2005 +0000
+++ b/mpegvideo.c	Mon Jul 25 23:07:27 2005 +0000
@@ -2316,8 +2316,8 @@
         int start_y= s->thread_context[i]->start_mb_y;
         int   end_y= s->thread_context[i]->  end_mb_y;
         int h= s->mb_height;
-        uint8_t *start= buf + buf_size*start_y/h;
-        uint8_t *end  = buf + buf_size*  end_y/h;
+        uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+        uint8_t *end  = buf + (size_t)(((int64_t) buf_size)*  end_y/h);
 
         init_put_bits(&s->thread_context[i]->pb, start, end - start);
     }