On 11/24/2014 12:45 PM, Luca Barbato wrote:
On 24/11/14 18:17, Justin Ruggles wrote:
On 11/21/2014 07:57 AM, Vittorio Giovara wrote:
From: Luca Barbato <lu_z...@gentoo.org>
Bug-Id: CID 700699
CC: libav-sta...@libav.org
---
libavcodec/tiffenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/tiffenc.c b/libavcodec/tiffenc.c
index b28f72b..0f9ac80 100644
--- a/libavcodec/tiffenc.c
+++ b/libavcodec/tiffenc.c
@@ -113,7 +113,7 @@ static void tnput(uint8_t **p, int n, const
uint8_t *val, enum TiffTypes type,
* @param ptr_val Pointer to values
*/
static void add_entry(TiffEncoderContext *s, enum TiffTags tag,
- enum TiffTypes type, int count, const void
*ptr_val)
+ enum TiffTypes type, uint64_t count, const void
*ptr_val)
{
uint8_t *entries_ptr = s->entries + 12 * s->num_entries;
Probably ok, but need to validate that the value is actually within
uint32 because that is what is written to the bitstream.
check_size should do that already.
Yes, but that is called after writing the value. Plus the return value
is not checked; it just sets the buffer to the end, which is also not
checked when writing. So changing count to uint64_t doesn't really do
much of anything to help the actual issue.
-Justin
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
