4xmdec: fix integer overflow, null ptr dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

4xmdec: fix integer overflow, null ptr dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
aed128f0 · Michael Niedermayer · ed27ed9f · aed128f0
Commit aed128f0 authored Nov 20, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

4xm.c libavcodec/4xm.c +1 -1

No files found.
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -428,7 +428,7 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length)
        bytestream_size = FFMAX(length - bitstream_size - wordstream_size, 0);
    }

-    if (bitstream_size > length ||
+    if (bitstream_size > length || bitstream_size >= INT_MAX/8 ||
        bytestream_size > length - bitstream_size ||
        wordstream_size > length - bytestream_size - bitstream_size ||
        extra > length - bytestream_size - bitstream_size - wordstream_size) {