On Thu, Apr 28, 2011 at 11:25 AM, Justin Ruggles
<justin.rugg...@gmail.com> wrote:
> Hi,
>
> On 04/28/2011 02:08 PM, Diego Biurrun wrote:
>
>> +    if (*data_size < 4 * buf_size * 8 / (avctx->bits_per_coded_sample + 4))
>> +        return -1;
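
Review bot: in the size check, `4 * buf_size * 8` is multiplied out before the division, so the comparison only holds while that product fits in the type used for the arithmetic, and nothing in this hunk shows what bounds buf_size. Either add a comment naming the earlier check that limits buf_size, or do the multiplication in a wider type so the check is safe on its own. The bare `return -1` also fails without a log message or a specific error code; an av_log call plus an AVERROR value would tell the caller that the output buffer was too small.
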
>
>
> I think this can cause invalid writes if buf_size > INT_MAX/32

Can't happen; buf_size can be at most 65539.

    if (AES3_HEADER_LEN + frame_size != buf_size || bits > 24) {
        av_log(avctx, AV_LOG_ERROR, "frame has invalid header\n");
        return AVERROR_INVALIDDATA;
    }

--Alex