[Ffmpeg-devel] Buffer overflow in ffdca
Michael Niedermayer
michaelni
Fri Apr 27 07:32:23 CEST 2007
Hi
On Fri, Apr 27, 2007 at 03:36:37AM +0300, Uoti Urpala wrote:
> The loop at line 1104 doesn't check that the packet fits in the output
> buffer.
>
> Maybe that was caused by confusion about how the bitstream writer works
> - the code gives the output buffer size to init_put_bits(), but the
> writer will just ignore that.
Adding a

    if((unsigned)src_size > (unsigned)max_size)
        return -1;

at the top of the function should fix that; also the FFMIN could then be
removed, but it would waste 1/8 of the buffer.
If there are no objections or other suggestions then I'll commit that
in a few hours.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
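An added example, not code from this thread or from FFmpeg: a stand-in bit writer that, like the one discussed, records but never checks the size passed to init_put_bits, and a hypothetical repack routine that applies the proposed unsigned size check before writing. `PutBits`, `repack_packet` and the `demo_*` functions are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Stand-in for the bitstream writer: it records the buffer size it is
 * given but never checks it while writing, so the caller must. */
typedef struct { uint8_t *buf; int bit_pos; int size_in_bits; } PutBits;

static void init_put_bits(PutBits *pb, uint8_t *buf, int size)
{
    pb->buf = buf; pb->bit_pos = 0; pb->size_in_bits = size * 8;
}

static void put_bits(PutBits *pb, int n, uint32_t value)
{
    for (int i = n - 1; i >= 0; i--) {              /* MSB first */
        uint8_t mask = 1 << (7 - (pb->bit_pos & 7));
        if ((value >> i) & 1) pb->buf[pb->bit_pos >> 3] |=  mask;
        else                  pb->buf[pb->bit_pos >> 3] &= ~mask;
        pb->bit_pos++;
    }
}

/* Hypothetical routine standing in for the copy loop: the guard runs before
 * any write; casting both sides to unsigned also rejects a negative
 * src_size, which a signed compare would let through. */
static int repack_packet(uint8_t *dst, int max_size, const uint8_t *src, int src_size)
{
    PutBits pb;
    if ((unsigned)src_size > (unsigned)max_size)
        return -1;
    init_put_bits(&pb, dst, max_size);
    for (int i = 0; i < src_size; i++)
        put_bits(&pb, 8, src[i]);
    return src_size;
}

/* Constructed inputs: a 4-byte packet into an 8-byte output buffer. */
static int demo_fits(void)
{
    uint8_t src[4] = {0xDE, 0xAD, 0xBE, 0xEF}, dst[8] = {0};
    return repack_packet(dst, sizeof dst, src, 4) == 4 && memcmp(dst, src, 4) == 0;
}
static int demo_too_large(void)
{
    uint8_t src[16] = {0}, dst[8] = {0};
    return repack_packet(dst, sizeof dst, src, 16);   /* -1: would overflow dst */
}
static int demo_negative_size(void)
{
    uint8_t src[4] = {0}, dst[8] = {0};
    return repack_packet(dst, sizeof dst, src, -4);   /* -1: caught by unsigned compare */
}
```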