On Thu, Apr 28, 2011 at 11:25 AM, Justin Ruggles <justin.rugg...@gmail.com> wrote: > Hi, > > On 04/28/2011 02:08 PM, Diego Biurrun wrote: > >> + if (*data_size < 4 * buf_size * 8 / (avctx->bits_per_coded_sample + 4)) >> + return -1; > > > I think this can cause invalid writes if buf_size > INT_MAX/32
Can't happen buf_size can be at most 65539. if (AES3_HEADER_LEN + frame_size != buf_size || bits > 24) { av_log(avctx, AV_LOG_ERROR, "frame has invalid header\n"); return AVERROR_INVALIDDATA; } --Alex _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel