[FFmpeg-devel] [PATCH] FLAC decoder segfault reading metadata

Michael Niedermayer michaelni
Wed Oct 3 09:50:28 CEST 2007


Hi

On Tue, Oct 02, 2007 at 08:45:40PM -0400, Justin Ruggles wrote:
[...]
> > 
> >> +            if(s->bps < 4) {
> >> +                av_log(s->avctx, AV_LOG_DEBUG, "invalid bits-per-sample. must be >= 4.\n");
> >> +                return 0;
> >> +            }
> >>              allocate_buffers(s);
> >> +        }
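Review bot: the early `return 0` on `s->bps < 4` skips `allocate_buffers(s)` but leaves the freshly parsed `s->bps` (and the other size fields read alongside it) in the context, so the sizes the decoder will later use as bounds no longer describe the buffers that were actually allocated; the caller does not check this function's return value (the flac.c excerpt further down shows `metadata_parse(s);` with the result discarded), so decoding continues on that inconsistent state. Suggested change: parse into locals, run the `bps` check on them, and only store the values and call `allocate_buffers(s)` once the check passes, or return a distinct error that the caller tests before any decoding is attempted. Minor: rejecting a stream field is an error condition, so `AV_LOG_ERROR` fits `"invalid bits-per-sample. must be >= 4.\n"` better than `AV_LOG_DEBUG`.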
> > 
> > patch rejected, you can't just skip reallocating
> > the buffers, the return of this function is not checked, nothing will
> > stop the randomly sized buffers from being used
> 
> If this function returns an error (for some odd reason 0 is error...) 
> then no decoding will be attempted.  

NO

flac.c:----------
        } else {
            metadata_parse(s);
        }
    }

    return 0;
}
-----------------
the return value is NOT checked!



> It doesn't make sense to resize the
> buffers when the information you're basing the new sizes on is incorrect.

the buffers MUST always be as large as the buf sizes you store in the struct
and use to prevent overflows


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Observe your enemies, for they first find out your faults. -- Antisthenes
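As an added illustration (not FFmpeg code and not from anyone in the thread), here is a cut-down C model of the pattern Michael is describing: a context whose size fields double as bounds, a parse routine whose early return leaves those fields ahead of the allocation, a caller that ignores the result, and beside it the hardened shape that validates into locals, allocates, and only then commits. The struct, the field and helper names, and the four-byte header layout are assumptions made for this example; the bps/blocksize/channel ranges in the hardened check are the FLAC STREAMINFO limits.

```c
/* Added example, not FFmpeg code: a cut-down model of the pattern under
 * discussion. The context stores the sizes later used as bounds next to the
 * buffer sized from them. If a check fails after the sizes were stored but
 * before the buffer was reallocated, and the caller ignores the return, a
 * later block write overflows. */
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical decoder context; field names follow the thread, layout is ours. */
typedef struct {
    int bps;            /* bits per sample, used as a bound later */
    int max_blocksize;  /* samples per block, used as a bound later */
    int channels;
    int32_t *decoded;   /* meant to hold channels * max_blocksize samples */
    size_t decoded_cap; /* number of int32_t actually allocated */
} FlacCtx;

/* Constructed 4-byte header for the example (not the real STREAMINFO layout):
 * bytes 0-1 = max blocksize (big endian), byte 2 = channels, byte 3 = bps. */
static int parse_streaminfo(const uint8_t *buf, size_t len,
                            int *blocksize, int *channels, int *bps)
{
    if (len < 4) return -1;
    *blocksize = (buf[0] << 8) | buf[1];
    *channels  = buf[2];
    *bps       = buf[3];
    return 0;
}

/* Grow the sample buffer to channels * blocksize samples and record the capacity. */
static int allocate_buffers(FlacCtx *s, int channels, int blocksize)
{
    size_t need = (size_t)channels * (size_t)blocksize;
    int32_t *p = realloc(s->decoded, need * sizeof(*p));
    if (!p) return -1;
    s->decoded = p;
    s->decoded_cap = need;
    return 0;
}

/* Vulnerable shape, what the rejected hunk amounts to: the parsed sizes are
 * already in the context when the bps check fails and the early return skips
 * allocate_buffers(); the caller below ignores the 0. */
int metadata_parse_unchecked(FlacCtx *s, const uint8_t *buf, size_t len)
{
    if (parse_streaminfo(buf, len, &s->max_blocksize, &s->channels, &s->bps) < 0)
        return 0;                    /* 0 means error here, as Justin notes */
    if (s->bps < 4)
        return 0;                    /* stored sizes now exceed the allocation */
    allocate_buffers(s, s->channels, s->max_blocksize);
    return 1;
}

/* Hardened shape: validate into locals, allocate, then commit. Whatever fails,
 * the context keeps describing exactly the buffer it owns. Ranges are the
 * FLAC STREAMINFO limits (blocksize 16..65535, channels 1..8, bps 4..32). */
int metadata_parse_checked(FlacCtx *s, const uint8_t *buf, size_t len)
{
    int blocksize, channels, bps;
    if (parse_streaminfo(buf, len, &blocksize, &channels, &bps) < 0)
        return -1;
    if (bps < 4 || bps > 32 || channels < 1 || channels > 8 ||
        blocksize < 16 || blocksize > 65535)
        return -1;                   /* rejected; s is untouched */
    if (allocate_buffers(s, channels, blocksize) < 0)
        return -1;                   /* old sizes still match the old buffer */
    s->max_blocksize = blocksize;
    s->channels      = channels;
    s->bps           = bps;
    return 0;
}

/* What a block decoder relies on: 1 if a full block of channels * max_blocksize
 * samples fits in the allocation, 0 if writing it would overflow. */
int block_write_fits(const FlacCtx *s)
{
    return (size_t)s->channels * (size_t)s->max_blocksize <= s->decoded_cap;
}

/* Feed a valid header, then a hostile one (huge blocksize, 8 channels, 1 bps),
 * to both parsers, discarding the unchecked parser's result as the flac.c
 * caller does. Returns 1 when the unchecked context claims more samples than
 * it holds while the checked one still matches its buffer. */
int demo_state_consistency(void)
{
    static const uint8_t good[4] = { 0x00, 0x10, 2, 16 };  /* 16 samples, 2 ch, 16 bps */
    static const uint8_t bad[4]  = { 0xFF, 0xFF, 8, 1 };   /* 65535 samples, 8 ch, 1 bps */
    FlacCtx a = {0}, b = {0};
    int unchecked_overflows, checked_consistent;
    metadata_parse_unchecked(&a, good, sizeof good);
    metadata_parse_unchecked(&a, bad, sizeof bad);     /* return value ignored */
    unchecked_overflows = !block_write_fits(&a);
    if (metadata_parse_checked(&b, good, sizeof good) < 0) return 0;
    if (metadata_parse_checked(&b, bad, sizeof bad) == 0) return 0; /* must reject */
    checked_consistent = block_write_fits(&b) && b.bps == 16 && b.max_blocksize == 16;
    free(a.decoded);
    free(b.decoded);
    return unchecked_overflows && checked_consistent;
}
```

The invariant the hardened version keeps is the one stated above: the buffer must always be at least as large as the sizes stored in the context, because those sizes are what later bounds checks trust. Committing the new values only after `allocate_buffers()` succeeded, and having the caller test for `< 0` and refuse to decode, covers both the validation failure and the allocation failure without relying on anyone remembering to check a 0/1 return.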