« Previous | Next » 

Revision bd2a3700

Parent 1d6c82d4
Child 1da254b8

Added by Stefano Sabatini over 10 years ago

lsws: prevent overflow in sws_init_context()

In the loop:
for (i=0; i<dstH; i++) {
int chrI= i*c->chrDstH / dstH;

when i*c->chrDstH > INT_MAX this leads to an integer overflow, which
results in a negative value for chrI and in out-of-buffer reads. The
overflow is avoided by forcing int64_t arithmetic by casting i to

Fix crash, and trac issue #72.

Signed-off-by: Stefano Sabatini <>


  • added
  • modified
  • copied
  • renamed
  • deleted

View differences