[Ffmpeg-cvslog] r5487 - trunk/libavcodec/parser.c

Michael Niedermayer michaelni
Sat Jun 17 10:14:51 CEST 2006


Hi

On Fri, Jun 16, 2006 at 10:41:34PM +0200, mru wrote:
> Author: mru
> Date: Fri Jun 16 22:41:33 2006
> New Revision: 5487
> 
> Modified:
>    trunk/libavcodec/parser.c
> 
> Log:
> The AAC frame header uses 13 bits for the frame size, so the buffer should
> have room for such a frame.  A frame that large seems unlikely in a valid
> file, but leaving room for it spares us the need to check it elsewhere.
> Moving the buffer to the end of the struct made debugging this easier.
> 
> 
> Modified: trunk/libavcodec/parser.c
> ==============================================================================
> --- trunk/libavcodec/parser.c	(original)
> +++ trunk/libavcodec/parser.c	Fri Jun 16 22:41:33 2006
> @@ -729,12 +729,12 @@
>  
>  /* also used for ADTS AAC */
>  typedef struct AC3ParseContext {
> -    uint8_t inbuf[4096]; /* input buffer */
>      uint8_t *inbuf_ptr;
>      int frame_size;
>      int header_size;
>      int (*sync)(const uint8_t *buf, int *channels, int *sample_rate,
>                  int *bit_rate, int *samples);
> +    uint8_t inbuf[8192]; /* input buffer */

hmm, isnt that also a security fix, i mean that if something writes over the
end of inbuf then it would also overwrite the following function pointer
sync() amongth other things ...

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is




More information about the ffmpeg-cvslog mailing list