escape124: fix integer overflow leading to excessive memory allocation

Fixes Ticket1629 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

escape124: fix integer overflow leading to excessive memory allocation
Fixes Ticket1629 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
3d781704 · Michael Niedermayer · 4b529edf · 3d781704
Commit 3d781704 authored Aug 16, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

escape124.c libavcodec/escape124.c +2 -2

No files found.
--- a/libavcodec/escape124.c
+++ b/libavcodec/escape124.c
@@ -48,7 +48,7 @@ typedef struct Escape124Context {
    CodeBook codebooks[3];
 } Escape124Context;

-static int can_safely_read(GetBitContext* gb, int bits) {
+static int can_safely_read(GetBitContext* gb, uint64_t bits) {
    return get_bits_left(gb) >= bits;
 }

@@ -90,7 +90,7 @@ static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth,
    unsigned i, j;
    CodeBook cb = { 0 };

-    if (!can_safely_read(gb, size * 34))
+    if (!can_safely_read(gb, size * 34L))
        return cb;

    if (size >= INT_MAX / sizeof(MacroBlock))