[FFmpeg-cvslog] tiffdec: Prevent illegal memory access caused by recycled pointers.
Alex Converse
git at videolan.org
Mon Apr 2 01:45:29 CEST 2012
ffmpeg | branch: release/0.8 | Alex Converse <alex.converse at gmail.com> | Tue Mar 6 17:00:29 2012 -0800| [bbe316dfb425edecd98e3fbef93c17abe6bb5cb8] | committer: Reinhard Tartler
tiffdec: Prevent illegal memory access caused by recycled pointers.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit fd0be63049ed46660993d0550a4f0847a0b942ea)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbe316dfb425edecd98e3fbef93c17abe6bb5cb8
---
libavcodec/tiff.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 1866dab..0a0973c 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -534,6 +534,8 @@ static int decode_frame(AVCodecContext *avctx,
av_log(avctx, AV_LOG_ERROR, "The answer to life, universe and everything is not correct!\n");
return -1;
}
+ // Reset these pointers so we can tell if they were set this frame
+ s->stripsizes = s->stripdata = NULL;
/* parse image file directory */
off = tget_long(&buf, le);
if (off >= UINT_MAX - 14 || end_buf - orig_buf < off + 14) {
More information about the ffmpeg-cvslog
mailing list