dnxhddec: fix integer overflow / index check

Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

dnxhddec: fix integer overflow / index check
Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4a2da83a · Michael Niedermayer · b926cc78 · 4a2da83a
Commit 4a2da83a authored Jan 30, 2013 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

dnxhddec.c libavcodec/dnxhddec.c +1 -1

No files found.
--- a/libavcodec/dnxhddec.c
+++ b/libavcodec/dnxhddec.c
@@ -180,7 +180,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, const uint8_t *buf, int buf_si
    for (i = 0; i < ctx->mb_height; i++) {
        ctx->mb_scan_index[i] = AV_RB32(buf + 0x170 + (i<<2));
        av_dlog(ctx->avctx, "mb scan index %d\n", ctx->mb_scan_index[i]);
-        if (buf_size < ctx->mb_scan_index[i] + 0x280) {
+        if (buf_size < ctx->mb_scan_index[i] + 0x280LL) {
            av_log(ctx->avctx, AV_LOG_ERROR, "invalid mb scan index\n");
            return -1;
        }