[Ffmpeg-devel] Re: [PATCH] mov.c clean and enhancements

Baptiste COUDURIER baptiste.coudurier
Sat Feb 18 13:19:31 CET 2006


Michael Niedermayer wrote:
> Hi
> 
> [...]
>> +static int mov_read_alac(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
>> +{
>> +    AVStream *st = c->fc->streams[c->fc->nb_streams-1];
>> +
>> +    // currently ALAC decoder expect full atom header - so let's fake it
>> +    // this should be fixed and just ALAC header should be passed
>> +
>> +    av_free(st->codec->extradata);
>> +    st->codec->extradata_size = atom.size + 8;
>> +    st->codec->extradata = (uint8_t*) av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
>> +
>> +    if (st->codec->extradata) {
>> +        strcpy(st->codec->extradata + 4, "alac"); // fake
>> +        get_buffer(pb, st->codec->extradata + 8, atom.size);
>> +        dprintf("Reading alac %Ld  %s\n", atom.size, (char*)st->codec->extradata);
>> +    } else
>> +        url_fskip(pb, atom.size);
>> +    return 0;
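
Review bot: atom.size is taken from the file and used unchecked in "st->codec->extradata_size = atom.size + 8;" and in the av_mallocz() argument, so if that sum wraps the buffer is smaller than the atom.size bytes that get_buffer() then writes at extradata + 8. Reject the atom, before the old extradata is freed, when atom.size is negative or above an upper bound that leaves room for the 8 header bytes and FF_INPUT_BUFFER_PADDING_SIZE. Separately, extradata_size is assigned before the allocation result is tested, so a failed av_mallocz() leaves a NULL extradata with a non-zero size; assign the size inside the "if (st->codec->extradata)" branch or reset it to 0 in the else branch. The comment says a full atom header is faked, but only the "alac" tag at offset 4 is written and bytes 0-3 stay zero, so the %s in the dprintf prints an empty string; either fill in the size field or say in the comment that it is left as zero.
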
> 
> is there anything which prevents atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE
> from overflowing? if no then extradata will be too small and you have a heap
> overflow
> 
> 
> [...]
> 

OK, is it better this way?


-- 
Baptiste COUDURIER                              GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A.                                    http://www.smartjog.com
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mov_stsd_audio_clean.patch
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20060218/4c2325c2/attachment.asc>
