From 0d6da4b83130337969ab35f12911923ab7200bbb Mon Sep 17 00:00:00 2001 From: Reimar Döffinger Date: Wed, 16 Sep 2009 15:12:23 +0000 Subject: Fix overflow check insufficiently improved in r19840. It assumes that sizeof(vmd_frame) < 64k, otherwise an additional check to ensure sound_buffers <= UINT_MAX / sizeof(vmd_frame) would be necessary. Originally committed as revision 19882 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/sierravmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libavformat/sierravmd.c') diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c index 5660282db2..9d069fdff6 100644 --- a/libavformat/sierravmd.c +++ b/libavformat/sierravmd.c @@ -161,7 +161,7 @@ static int vmd_read_header(AVFormatContext *s, vmd->frame_table = NULL; sound_buffers = AV_RL16(&vmd->vmd_header[808]); raw_frame_table_size = vmd->frame_count * 6; - if(vmd->frame_count * vmd->frames_per_block >= (UINT_MAX - sound_buffers) / sizeof(vmd_frame)){ + if(vmd->frame_count * vmd->frames_per_block >= UINT_MAX / sizeof(vmd_frame) - sound_buffers){ av_log(s, AV_LOG_ERROR, "vmd->frame_count * vmd->frames_per_block too large\n"); return -1; } -- cgit v1.2.3