Quoting Hendrik Leppkes (2015-07-13 20:49:51) > On Mon, Jul 13, 2015 at 8:29 PM, Anton Khirnov <an...@khirnov.net> wrote: > > Quoting Alexandra Hájková (2015-07-13 12:02:04) > >> found with Coverity Scan > >> --- > >> libavformat/asfdec.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c > >> index 3342c11..31e9bd4 100644 > >> --- a/libavformat/asfdec.c > >> +++ b/libavformat/asfdec.c > >> @@ -134,7 +134,7 @@ typedef struct ASFContext { > >> > >> // packet state > >> uint64_t sub_left; // subpayloads left or not > >> - int nb_sub; // number of subpayloads read so far from the current ASF > >> packet > >> + unsigned int nb_sub; // number of subpayloads read so far from the > >> current ASF packet > > > > The commit message is not correct, this change cannot prevent any > > integer overflow. > > > > Well, if the number of sub payloads is coded as an unsigned int, and > we store it as a signed int, it could overflow, while if we store it > as an unsigned, it cannot? > Seems sensible to me.
The number is not read from the file, this is a counter incremented when subpayloads are read.

-- 
Anton Khirnov
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
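
Review bot: The type change on the `nb_sub` field of `ASFContext` is not justified by anything visible in the hunk or the commit message, which only says "found with Coverity Scan". The field's own comment describes it as a count of subpayloads read so far from the current ASF packet, so switching `int` to `unsigned int` only changes what happens at the limit (defined wraparound instead of signed overflow) and does not bound the counter. Suggest naming the Coverity finding in the commit message and, if the underlying issue is a comparison against an unsigned value or an unchecked increment, addressing it at the use site, which this hunk does not show.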