hqx: correct type and size check of info_offset

It is used as size argument of ff_canopus_parse_info_tag, which uses it
as size argument to bytestream2_init, which only supports sizes up to
INT_MAX.
Changing it's type to unsigned simplifies the check.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
pull/134/merge
Andreas Cadhalpun 9 years ago committed by Vittorio Giovara
parent 0a8bff788b
commit 9fd2bf09db
  1. 4
      libavcodec/hqx.c

@ -417,8 +417,8 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
info_tag = AV_RL32(src); info_tag = AV_RL32(src);
if (info_tag == MKTAG('I', 'N', 'F', 'O')) { if (info_tag == MKTAG('I', 'N', 'F', 'O')) {
int info_offset = AV_RL32(src + 4); unsigned info_offset = AV_RL32(src + 4);
if (info_offset > UINT32_MAX - 8 || info_offset + 8 > avpkt->size) { if (info_offset > INT_MAX || info_offset + 8 > avpkt->size) {
av_log(avctx, AV_LOG_ERROR, av_log(avctx, AV_LOG_ERROR,
"Invalid INFO header offset: 0x%08"PRIX32" is too large.\n", "Invalid INFO header offset: 0x%08"PRIX32" is too large.\n",
info_offset); info_offset);

Loading…
Cancel
Save