vorbisdec: Prevent a potential integer overflow.

If sizeof uint_fast8_t > 1 and sizeof size_t <= 4, the expression that mallocs classifs is susceptible to integer overflow. Originally committed as revision 24675 to svn://svn.ffmpeg.org/ffmpeg/trunk

vorbisdec: Prevent a potential integer overflow.
If sizeof uint_fast8_t > 1 and sizeof size_t <= 4, the expression that mallocs classifs is susceptible to integer overflow. Originally committed as revision 24675 to svn://svn.ffmpeg.org/ffmpeg/trunk
366d9190 · Alex Converse · 83abdf5f · 366d9190
Commit 366d9190 authored Aug 03, 2010 by Alex Converse
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

vorbis_dec.c libavcodec/vorbis_dec.c +2 -2

No files found.
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -103,7 +103,7 @@ typedef struct {
    int_fast16_t  books[64][8];
    uint_fast8_t  maxpass;
    uint_fast16_t ptns_to_read;
-    uint_fast8_t *classifs;
+    uint8_t *classifs;
 } vorbis_residue;

 typedef struct {
@@ -1267,7 +1267,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc,
    GetBitContext *gb = &vc->gb;
    uint_fast8_t c_p_c = vc->codebooks[vr->classbook].dimensions;
    uint_fast16_t ptns_to_read = vr->ptns_to_read;
-    uint_fast8_t *classifs = vr->classifs;
+    uint8_t *classifs = vr->classifs;
    uint_fast8_t pass;
    uint_fast8_t ch_used;
    uint_fast8_t i,j,l;