Check unp_size for possible overflows too

Originally committed as revision 10490 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Kostya Shishkov <kostya.shishkov@gmail.com> 2007-09-14 06:01:29 +0000
committer: Kostya Shishkov <kostya.shishkov@gmail.com> 2007-09-14 06:01:29 +0000
commit: f0dd9d4505675daa0f4fda6fcf4274416a23bf24 (patch)
tree: 9a73c1d61c9cb09797cba1e6594ddfdb2c75cff5 /libavcodec/smacker.c
parent: 208506e2a63eb6d008164c5b12ad4bec5fc69eb6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index e185f4d54f..614f3015b9 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -590,7 +590,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
     }
     stereo = get_bits1(&gb);
     bits = get_bits1(&gb);
-    if ((unp_size << !bits) > *data_size) {
+    if (unp_size & 0xC0000000 || (unp_size << !bits) > *data_size) {
         av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n");
         return -1;
     }
author	Kostya Shishkov <kostya.shishkov@gmail.com>	2007-09-14 06:01:29 +0000
committer	Kostya Shishkov <kostya.shishkov@gmail.com>	2007-09-14 06:01:29 +0000
commit	f0dd9d4505675daa0f4fda6fcf4274416a23bf24 (patch)
tree	9a73c1d61c9cb09797cba1e6594ddfdb2c75cff5 /libavcodec/smacker.c
parent	208506e2a63eb6d008164c5b12ad4bec5fc69eb6 (diff)