Commit 1703013c authored by Mans Rullgard's avatar Mans Rullgard

avidec: fix signed overflow in avi_sync()

Keeping byte values read from the file as unsigned is consistent
with how they are subsequently used and avoids an undefined left
shift by 24 when bit 7 is set.
Signed-off-by: 's avatarMans Rullgard <mans@mansr.com>
parent 0c46e958
......@@ -843,7 +843,8 @@ static int avi_sync(AVFormatContext *s, int exit_early)
{
AVIContext *avi = s->priv_data;
AVIOContext *pb = s->pb;
int n, d[8];
int n;
unsigned int d[8];
unsigned int size;
int64_t i, sync;
......@@ -860,7 +861,7 @@ start_sync:
n= get_stream_idx(d+2);
//av_log(s, AV_LOG_DEBUG, "%X %X %X %X %X %X %X %X %"PRId64" %d %d\n", d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], i, size, n);
if(i + (uint64_t)size > avi->fsize || d[0]<0)
if(i + (uint64_t)size > avi->fsize || d[0] > 127)
continue;
//parse ix##
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment