On 4/8/19, James Almer <jamr...@gmail.com> wrote:
> On 4/8/2019 12:42 PM, Paul B Mahol wrote:
>>>> +static int decode_huffman2(AVCodecContext *avctx, int header, int size)
>>>> +{
>>>> + AGMContext *s = avctx->priv_data;
>>>> + GetBitContext *gb = &s->gb;
>>>> + uint8_t lens[256];
>>>> + uint32_t output_size;
>>>> + int ret, x, len;
>>>> +
>>>> + if ((ret = init_get_bits8(gb, s->gbyte.buffer,
>>>> + bytestream2_get_bytes_left(&s->gbyte))) <
>>>> 0)
>>>> + return ret;
>>>> +
>>>> + output_size = get_bits_long(gb, 32);
>>>> +
>>>> + av_fast_padded_malloc(&s->output, &s->output_size,
>>>> + output_size * sizeof(*s->output));
>>> Several chances for overflow here.
>> Yes, changed output_size to int.
>
> No, it needs to be unsigned for av_fast_padded_malloc(). What you need
> to also make unsigned is s->output_size instead.
>
> Also, that sizeof(*s->output) seems superfluous.
Done locally.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
