Commit 1703013c authored by Mans Rullgard's avatar Mans Rullgard

avidec: fix signed overflow in avi_sync()

Keeping byte values read from the file as unsigned is consistent
with how they are subsequently used and avoids an undefined left
shift by 24 when bit 7 is set.
Signed-off-by: 's avatarMans Rullgard <mans@mansr.com>
parent 0c46e958
...@@ -843,7 +843,8 @@ static int avi_sync(AVFormatContext *s, int exit_early) ...@@ -843,7 +843,8 @@ static int avi_sync(AVFormatContext *s, int exit_early)
{ {
AVIContext *avi = s->priv_data; AVIContext *avi = s->priv_data;
AVIOContext *pb = s->pb; AVIOContext *pb = s->pb;
int n, d[8]; int n;
unsigned int d[8];
unsigned int size; unsigned int size;
int64_t i, sync; int64_t i, sync;
...@@ -860,7 +861,7 @@ start_sync: ...@@ -860,7 +861,7 @@ start_sync:
n= get_stream_idx(d+2); n= get_stream_idx(d+2);
//av_log(s, AV_LOG_DEBUG, "%X %X %X %X %X %X %X %X %"PRId64" %d %d\n", d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], i, size, n); //av_log(s, AV_LOG_DEBUG, "%X %X %X %X %X %X %X %X %"PRId64" %d %d\n", d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], i, size, n);
if(i + (uint64_t)size > avi->fsize || d[0]<0) if(i + (uint64_t)size > avi->fsize || d[0] > 127)
continue; continue;
//parse ix## //parse ix##
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment