Commit 18eb4fd5 authored by Christophe Mutricy's avatar Christophe Mutricy

Avoid integer overflow. Patch by Drew Yao.

parent fe37fc3e
......@@ -397,7 +397,8 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
i_height = GET2BYTES( p_data );
i_frame_strips = GET2BYTES( p_data );
if( !i_frame_size || !i_width || !i_height )
if( !i_frame_size || !i_width || !i_height ||
i_width > 0xffff-3 || i_height > 0xffff-3)
{
/* Broken header */
return( -1 );
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment