changeset 5676:71dc0d839b28 libavcodec

Check unp_size for possible overflows too
author kostya
date Fri, 14 Sep 2007 06:01:29 +0000
parents d328f1731a6c
children b031d95d8fae
files smacker.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/smacker.c	Thu Sep 13 09:13:56 2007 +0000
+++ b/smacker.c	Fri Sep 14 06:01:29 2007 +0000
@@ -590,7 +590,7 @@
     }
     stereo = get_bits1(&gb);
     bits = get_bits1(&gb);
-    if ((unp_size << !bits) > *data_size) {
+    if (unp_size & 0xC0000000 || (unp_size << !bits) > *data_size) {
         av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n");
         return -1;
     }
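Review bot: The mask `0xC0000000` in the new condition is an unexplained constant, and the check relies on `&` binding tighter than `||`. Parenthesise the mask test and add a comment such as `/* top two bits set: unp_size << 1 would wrap or go negative */`. The guard only works because the shift is by at most one bit, so it silently stops covering the overflow if the shift amount ever grows. Comparing against the scaled-down buffer size avoids shifting `unp_size` at all: `if (unp_size < 0 || unp_size > (*data_size >> !bits)) {`. That form assumes `unp_size` is a signed int and `*data_size` is non-negative; both declarations, and the rest of the enclosing function, are outside this hunk, so confirm the types first.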