utvideodec: Prevent possible signed overflow

Doing slice_end - slice_start is unsafe and can lead to undefined behavior until slice_end has been properly sanitized. Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: Ganesh Ajjanagadde <gajjanag@gmail.com> Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

utvideodec: Prevent possible signed overflow
Doing slice_end - slice_start is unsafe and can lead to undefined behavior until slice_end has been properly sanitized. Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: Ganesh Ajjanagadde <gajjanag@gmail.com> Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
1fe85813 · Ganesh Ajjanagadde · Luca Barbato · 4d4d7cf9 · 1fe85813
Commit 1fe85813 authored Feb 23, 2016 by Ganesh Ajjanagadde Committed by Luca Barbato Apr 13, 2017
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

utvideodec.c libavcodec/utvideodec.c +2 -2

No files found.
--- a/libavcodec/utvideodec.c
+++ b/libavcodec/utvideodec.c
@@ -361,12 +361,12 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
        slice_end   = 0;
        for (j = 0; j < c->slices; j++) {
            slice_end   = bytestream2_get_le32u(&gb);
-            slice_size  = slice_end - slice_start;
-            if (slice_end < 0 || slice_size < 0 ||
+            if (slice_end < 0 || slice_end < slice_start ||
                bytestream2_get_bytes_left(&gb) < slice_end) {
                av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n");
                return AVERROR_INVALIDDATA;
            }
+            slice_size  = slice_end - slice_start;
            slice_start = slice_end;
            max_slice_size = FFMAX(max_slice_size, slice_size);
        }