From 830f7f189f7b41221b29d40e8127cf54a140ae86 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 20 Oct 2012 19:08:41 +0200
Subject: mmsh: fix integer overflow in mmsh_seek()

Fixes CID703745
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/mmsh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavformat/mmsh.c')

diff --git a/libavformat/mmsh.c b/libavformat/mmsh.c
index d6e398200f..86a0575e59 100644
--- a/libavformat/mmsh.c
+++ b/libavformat/mmsh.c
@@ -394,7 +394,7 @@ static int64_t mmsh_seek(URLContext *h, int64_t pos, int whence)
     MMSContext *mms   = &mmsh->mms;
 
     if(pos == 0 && whence == SEEK_CUR)
-        return mms->asf_header_read_size + mms->remaining_in_len + mmsh->chunk_seq * mms->asf_packet_len;
+        return mms->asf_header_read_size + mms->remaining_in_len + mmsh->chunk_seq * (int64_t)mms->asf_packet_len;
     return AVERROR(ENOSYS);
 }
 
-- 
cgit v1.2.3