[FFmpeg-cvslog] r19973 - trunk/libavcodec/utils.c

Alexander Strange astrange
Wed Sep 23 04:23:04 CEST 2009


On Sep 22, 2009, at 6:44 PM, michael wrote:

> Author: michael
> Date: Wed Sep 23 00:44:56 2009
> New Revision: 19973
>
> Log:
> Check codec_id and codec_type in avcodec_open(), based on  
> 43_codec_type_mismatch.patch from chrome
> This is said to be able to lead to a stack based buffer overflow.

Shouldn't this unset avctx->codec and priv_data?

>
> Modified:
>   trunk/libavcodec/utils.c
>
> Modified: trunk/libavcodec/utils.c
> ==============================================================================
> --- trunk/libavcodec/utils.c	Tue Sep 22 22:38:03 2009	(r19972)
> +++ trunk/libavcodec/utils.c	Wed Sep 23 00:44:56 2009	(r19973)
> @@ -481,7 +481,10 @@ int attribute_align_arg avcodec_open(AVC
>     }
>
>     avctx->codec = codec;
> -    avctx->codec_id = codec->id;
> +    if(avctx->codec_id != codec->id || avctx->codec_type != codec- 
> >type){
> +        av_log(avctx, AV_LOG_ERROR, "codec type or id mismatches\n");
> +        goto end;
> +    }
>     avctx->frame_number = 0;
>     if(avctx->codec->init){
>         ret = avctx->codec->init(avctx);
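Review bot: The new mismatch branch does `goto end` after `avctx->codec = codec;` has already run, so on this error path the context is left pointing at a codec that was never initialized. Either move the codec_id/codec_type comparison above that assignment or reset `avctx->codec` to NULL before the jump, and release anything allocated for this codec earlier in the function (the allocation is not visible in this hunk). The branch also does not assign `ret` before jumping, so the value returned depends on code outside the hunk; setting an explicit negative error code here would make the failure unambiguous. Finally, because the old `avctx->codec_id = codec->id;` assignment is removed, callers that relied on avcodec_open() to fill in codec_id will now hit this error, which deserves a mention in the API documentation.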