Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)

this integer overflow might lead to the execution of arbitrary code during encoding with threads Originally committed as revision 4474 to svn://svn.ffmpeg.org/ffmpeg/trunk

Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)
this integer overflow might lead to the execution of arbitrary code during encoding with threads Originally committed as revision 4474 to svn://svn.ffmpeg.org/ffmpeg/trunk
acb22f93 · Martin Boehme · Michael Niedermayer · d8cbeba1 · acb22f93
Commit acb22f93 authored Jul 25, 2005 by Martin Boehme Committed by Michael Niedermayer Jul 25, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

mpegvideo.c libavcodec/mpegvideo.c +2 -2

No files found.
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -2316,8 +2316,8 @@ int MPV_encode_picture(AVCodecContext *avctx,
        int start_y= s->thread_context[i]->start_mb_y;
        int   end_y= s->thread_context[i]->  end_mb_y;
        int h= s->mb_height;
-        uint8_t *start= buf + buf_size*start_y/h;
-        uint8_t *end  = buf + buf_size*  end_y/h;
+        uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+        uint8_t *end  = buf + (size_t)(((int64_t) buf_size)*  end_y/h);

        init_put_bits(&s->thread_context[i]->pb, start, end - start);
    }