Skip to content

V
vlc-gpu
Commit 8e16fb45 authored by Laurent Aimar's avatar Laurent Aimar
Browse files
Options

Fixed signed integer overflow when loading AVI ODML index.

parent 07f608d1
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 9 deletions
modules/demux/avi/avi.c
View file @ 8e16fb45
...@@ -2180,12 +2180,11 @@ static void __Parse_indx( demux_t *p_demux, ...@@ -2180,12 +2180,11 @@ static void __Parse_indx( demux_t *p_demux,
{ {
demux_sys_t *p_sys = p_demux->p_sys; demux_sys_t *p_sys = p_demux->p_sys;
avi_entry_t index; avi_entry_t index;
int32_t i;
msg_Dbg( p_demux, "loading subindex(0x%x) %d entries", p_indx->i_indextype, p_indx->i_entriesinuse ); msg_Dbg( p_demux, "loading subindex(0x%x) %d entries", p_indx->i_indextype, p_indx->i_entriesinuse );
if( p_indx->i_indexsubtype == 0 ) if( p_indx->i_indexsubtype == 0 )
{ {
for( i = 0; i < p_indx->i_entriesinuse; i++ ) for( unsigned i = 0; i < p_indx->i_entriesinuse; i++ )
{ {
index.i_id = p_indx->i_id; index.i_id = p_indx->i_id;
index.i_flags = p_indx->idx.std[i].i_size & 0x80000000 ? 0 : AVIIF_KEYFRAME; index.i_flags = p_indx->idx.std[i].i_size & 0x80000000 ? 0 : AVIIF_KEYFRAME;
...@@ -2197,7 +2196,7 @@ static void __Parse_indx( demux_t *p_demux, ...@@ -2197,7 +2196,7 @@ static void __Parse_indx( demux_t *p_demux,
} }
else if( p_indx->i_indexsubtype == AVI_INDEX_2FIELD ) else if( p_indx->i_indexsubtype == AVI_INDEX_2FIELD )
{ {
for( i = 0; i < p_indx->i_entriesinuse; i++ ) for( unsigned i = 0; i < p_indx->i_entriesinuse; i++ )
{ {
index.i_id = p_indx->i_id; index.i_id = p_indx->i_id;
index.i_flags = p_indx->idx.field[i].i_size & 0x80000000 ? 0 : AVIIF_KEYFRAME; index.i_flags = p_indx->idx.field[i].i_size & 0x80000000 ? 0 : AVIIF_KEYFRAME;
...@@ -2217,7 +2216,6 @@ static void AVI_IndexLoad_indx( demux_t *p_demux ) ...@@ -2217,7 +2216,6 @@ static void AVI_IndexLoad_indx( demux_t *p_demux )
{ {
demux_sys_t *p_sys = p_demux->p_sys; demux_sys_t *p_sys = p_demux->p_sys;
unsigned int i_stream; unsigned int i_stream;
int32_t i;
avi_chunk_list_t *p_riff; avi_chunk_list_t *p_riff;
avi_chunk_list_t *p_hdrl; avi_chunk_list_t *p_hdrl;
...@@ -2248,7 +2246,7 @@ static void AVI_IndexLoad_indx( demux_t *p_demux ) ...@@ -2248,7 +2246,7 @@ static void AVI_IndexLoad_indx( demux_t *p_demux )
else if( p_indx->i_indextype == AVI_INDEX_OF_INDEXES ) else if( p_indx->i_indextype == AVI_INDEX_OF_INDEXES )
{ {
avi_chunk_t ck_sub; avi_chunk_t ck_sub;
for( i = 0; i < p_indx->i_entriesinuse; i++ ) for( unsigned i = 0; i < p_indx->i_entriesinuse; i++ )
{ {
if( stream_Seek( p_demux->s, p_indx->idx.super[i].i_offset )|| if( stream_Seek( p_demux->s, p_indx->idx.super[i].i_offset )||
AVI_ChunkRead( p_demux->s, &ck_sub, NULL ) ) AVI_ChunkRead( p_demux->s, &ck_sub, NULL ) )
......
modules/demux/avi/libavi.h
View file @ 8e16fb45
...@@ -174,10 +174,10 @@ typedef struct ...@@ -174,10 +174,10 @@ typedef struct
typedef struct avi_chunk_indx_s typedef struct avi_chunk_indx_s
{ {
AVI_CHUNK_COMMON AVI_CHUNK_COMMON
int16_t i_longsperentry; int16_t i_longsperentry;
int8_t i_indexsubtype; int8_t i_indexsubtype;
int8_t i_indextype; int8_t i_indextype;
int32_t i_entriesinuse; uint32_t i_entriesinuse;
vlc_fourcc_t i_id; vlc_fourcc_t i_id;
int64_t i_baseoffset; int64_t i_baseoffset;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment