Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)

this integer overflow might lead to the execution of arbitrary code during encoding with threads git-svn-id: file:///var/local/repositories/ffmpeg/trunk@4474 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)
this integer overflow might lead to the execution of arbitrary code during encoding with threads git-svn-id: file:///var/local/repositories/ffmpeg/trunk@4474 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
c9f4f747 · michael · c01cbef9 · c9f4f747
Commit c9f4f747 authored Jul 25, 2005 by michael
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

libavcodec/mpegvideo.c libavcodec/mpegvideo.c +2 -2

No files found.
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -2316,8 +2316,8 @@ int MPV_encode_picture(AVCodecContext *avctx,
        int start_y= s->thread_context[i]->start_mb_y;
        int   end_y= s->thread_context[i]->  end_mb_y;
        int h= s->mb_height;
-        uint8_t *start= buf + buf_size*start_y/h;
-        uint8_t *end  = buf + buf_size*  end_y/h;
+        uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+        uint8_t *end  = buf + (size_t)(((int64_t) buf_size)*  end_y/h);

        init_put_bits(&s->thread_context[i]->pb, start, end - start);
    }