« Previous | Next » 

Revision bd2a3700

IDbd2a3700c045201b043a0e812d932e9d4fc37e82
Parent 1d6c82d4
Child 1da254b8

Added by Stefano Sabatini over 9 years ago

lsws: prevent overflow in sws_init_context()

In the loop:
for (i=0; i<dstH; i++) {
int chrI= i*c->chrDstH / dstH;

when i*c->chrDstH > INT_MAX this leads to an integer overflow, which
results in a negative value for chrI and in out-of-buffer reads. The
overflow is avoided by forcing int64_t arithmetic by casting i to
int64_t.

Fix crash, and trac issue #72.

Signed-off-by: Stefano Sabatini <>

Files

  • added
  • modified
  • copied
  • renamed
  • deleted

View differences