[Ffmpeg-devel] Re: [PATCH] mov.c clean and enhancements

Michael Niedermayer michaelni
Sun Feb 19 21:01:36 CET 2006


Hi

On Sat, Feb 18, 2006 at 01:19:31PM +0100, Baptiste COUDURIER wrote:
> Michael Niedermayer wrote:
> > Hi
> > 
> > [...]
> >> +static int mov_read_alac(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
> >> +{
> >> +    AVStream *st = c->fc->streams[c->fc->nb_streams-1];
> >> +
> >> +    // currently ALAC decoder expect full atom header - so let's fake it
> >> +    // this should be fixed and just ALAC header should be passed
> >> +
> >> +    av_free(st->codec->extradata);
> >> +    st->codec->extradata_size = atom.size + 8;
> >> +    st->codec->extradata = (uint8_t*) av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
> >> +
> >> +    if (st->codec->extradata) {
> >> +        strcpy(st->codec->extradata + 4, "alac"); // fake
> >> +        get_buffer(pb, st->codec->extradata + 8, atom.size);
> >> +        dprintf("Reading alac %Ld  %s\n", atom.size, (char*)st->codec->extradata);
> >> +    } else
> >> +        url_fskip(pb, atom.size);
> >> +    return 0;
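Review bot: `extradata_size` is set to `atom.size + 8` before the `av_mallocz` result is tested, so on the `else` path the stream is left with a NULL `extradata` and a non-zero size; assign the size only after the allocation succeeds, or reset it to 0 in the `else` branch. The return value of `get_buffer` is also ignored, so a short read leaves `extradata_size` claiming more bytes than were actually read. Separately, `strcpy(st->codec->extradata + 4, "alac")` writes five bytes and leaves the four size bytes of the faked header zero, which makes the `%s` in the `dprintf` print an empty string; a 4-byte `memcpy` of the tag plus an explicitly written size field would match what the comment says is intended.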
> > 
> > is there anything which prevents atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE
> > from overflowing? if no then extradata will be too small and you have a heap
> > overflow
> > 
> > 
> > [...]
> > 
> 
> Ok, is it better this way ?

yes, applied

[...]

-- 
Michael
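
The overflow asked about in the review above, worked through as an added example (not code from this thread or from FFmpeg). The function names are hypothetical, `PADDING` is an assumed stand-in value for `FF_INPUT_BUFFER_PADDING_SIZE`, and the unchecked sum is modelled in 32-bit unsigned arithmetic so the wrap is well defined.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HEADER  8   /* faked size + tag bytes placed before the payload */
#define PADDING 8   /* assumed stand-in for FF_INPUT_BUFFER_PADDING_SIZE */

/* Unchecked sum, as in the quoted hunk: returns the number of bytes that
 * would be requested from the allocator for a given atom size. */
uint32_t unchecked_alloc_size(uint32_t atom_size)
{
    return (uint32_t)(atom_size + HEADER + PADDING);
}

/* Checked form: rejects negative sizes and sizes whose sum would not fit
 * in an int. Returns 0 and fills both outputs on success, -1 otherwise. */
int checked_alloc_size(int64_t atom_size, int *extradata_size,
                       size_t *alloc_size)
{
    if (atom_size < 0 || atom_size > INT_MAX - HEADER - PADDING)
        return -1;
    *extradata_size = (int)atom_size + HEADER;
    *alloc_size = (size_t)*extradata_size + PADDING;
    return 0;
}

int main(void)
{
    uint32_t hostile = UINT32_MAX - 10;   /* constructed atom size */
    int es = 0;
    size_t as = 0;

    /* The allocation shrinks to a few bytes while the subsequent read
     * would still be asked to copy `hostile` bytes at offset 8. */
    printf("unchecked: atom %u -> alloc %u bytes\n",
           (unsigned)hostile, (unsigned)unchecked_alloc_size(hostile));

    if (checked_alloc_size(hostile, &es, &as) < 0)
        printf("checked:   atom %u rejected\n", (unsigned)hostile);
    if (checked_alloc_size(36, &es, &as) == 0)
        printf("checked:   atom 36 -> extradata_size %d, alloc %zu\n", es, as);
    return 0;
}
```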




