On 11/09/13 23:18, Martin Storsjö wrote: > On Wed, 11 Sep 2013, Luca Barbato wrote: > >> On 11/09/13 22:47, Martin Storsjö wrote: >>> Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind >>> CC: [email protected] >>> --- >>> libavformat/sierravmd.c | 9 +++++++++ >>> 1 file changed, 9 insertions(+) >>> >>> diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c >>> index 645b99b..8915001 100644 >>> --- a/libavformat/sierravmd.c >>> +++ b/libavformat/sierravmd.c >>> @@ -199,6 +199,10 @@ static int vmd_read_header(AVFormatContext *s) >>> avio_read(pb, chunk, BYTES_PER_FRAME_RECORD); >>> type = chunk[0]; >>> size = AV_RL32(&chunk[2]); >>> + if (size > INT_MAX/2) { >> ^^^ spaces >> >> Why INT_MAX / 2 btw? > > Because we need to be sure that size + BYTES_PER_FRAME_RECORD doesn't > wrap. We could explicitly check for INT_MAX - BYTES_PER_FRAME_RECORD, > but INT_MAX / 2 gives a bit more marginal since it really shouldn't be > all that big mostly anyway (Kostya suggested this for another patch > earlier today, http://patches.libav.org/patch/42128/). > > I amended this one as well to add spaces around the operator. >
I guess the same applies for the other one, thanks for the explanation, maybe add it to the commit message. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
