On Tue, May 05, 2015 at 10:10:44PM +0200, Andreas Cadhalpun wrote:
> If bytes is large enough, bytes*8 can overflow and become negative.
>
> In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
> decrease.
>
> This leads to a segmentation fault.
>
> Signed-off-by: Andreas Cadh
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun
---
libavcodec/diracdec.c | 5 -
1 file changed, 4 insertions(+), 1 del
