Fixes: integer overflow No testcase
Found-by: 김승호 <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/dvbsubenc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/dvbsubenc.c b/libavcodec/dvbsubenc.c index 822e3a53099..53f0f6412fa 100644 --- a/libavcodec/dvbsubenc.c +++ b/libavcodec/dvbsubenc.c @@ -302,7 +302,7 @@ static int dvbsub_encode(AVCodecContext *avctx, uint8_t *outbuf, int buf_size, /* page composition segment */ - if (buf_size < 8 + h->num_rects * 6) + if (buf_size < 8 + h->num_rects * 6LL) return AVERROR_BUFFER_TOO_SMALL; *q++ = 0x0f; /* sync_byte */ *q++ = 0x10; /* segment_type */ @@ -326,7 +326,7 @@ static int dvbsub_encode(AVCodecContext *avctx, uint8_t *outbuf, int buf_size, if (h->num_rects) { for (clut_id = 0; clut_id < h->num_rects; clut_id++) { - if (buf_size < 6 + h->rects[clut_id]->nb_colors * 6) + if (buf_size < 6 + h->rects[clut_id]->nb_colors * 6LL) return AVERROR_BUFFER_TOO_SMALL; /* CLUT segment */ -- 2.49.0 _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
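Review bot: The `6LL` suffix in the page composition check is the entire fix, yet nothing at the check says why the literal is 64-bit, so a later cleanup could turn it back into `6` unnoticed. I would add a comment above the check, `/* 6LL: compute the needed size in 64 bits so a large num_rects cannot wrap below buf_size */`, and the same applies to the `nb_colors * 6LL` check in the second hunk. The commit message states there is no testcase, so the comment would be the only thing guarding against that regression. dvbsub_encode starts and ends outside both hunks.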
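Review bot: In the CLUT loop check, widening to `6LL` stops the product from wrapping but does not reject a negative count. `nb_colors` in AVSubtitleRect is a signed int, so a negative value makes the right-hand side zero or less and the size check passes. If nothing earlier validates the count, a guard such as `if (h->rects[clut_id]->nb_colors < 0) return AVERROR(EINVAL);` ahead of the size check would close that gap. Whether the rest of the loop already range-checks `nb_colors` is not visible here, because the loop body continues outside the hunk.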
