Commit bd8b6ed9 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/bmp: fix integer overflow in checking header sizes

Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent c277ab6b
...@@ -70,7 +70,7 @@ static int bmp_decode_frame(AVCodecContext *avctx, ...@@ -70,7 +70,7 @@ static int bmp_decode_frame(AVCodecContext *avctx,
hsize = bytestream_get_le32(&buf); /* header size */ hsize = bytestream_get_le32(&buf); /* header size */
ihsize = bytestream_get_le32(&buf); /* more header size */ ihsize = bytestream_get_le32(&buf); /* more header size */
if (ihsize + 14 > hsize) { if (ihsize + 14LL > hsize) {
av_log(avctx, AV_LOG_ERROR, "invalid header size %u\n", hsize); av_log(avctx, AV_LOG_ERROR, "invalid header size %u\n", hsize);
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment