asfdec: fix integer overflow in packet_replic_size check

Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

asfdec: fix integer overflow in packet_replic_size check
Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
fe6767f8 · Michael Niedermayer · 2b6a8187 · fe6767f8
Commit fe6767f8 authored Jan 31, 2013 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

asfdec.c libavformat/asfdec.c +1 -1

No files found.
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -943,7 +943,7 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){
    av_dlog(asf, "key:%d stream:%d seq:%d offset:%d replic_size:%d\n",
            asf->packet_key_frame, asf->stream_index, asf->packet_seq,
            asf->packet_frag_offset, asf->packet_replic_size);
-    if (rsize+asf->packet_replic_size > asf->packet_size_left) {
+    if (rsize+(int64_t)asf->packet_replic_size > asf->packet_size_left) {
        av_log(s, AV_LOG_ERROR, "packet_replic_size %d is invalid\n", asf->packet_replic_size);
        return AVERROR_INVALIDDATA;
    }