[FFmpeg-devel] [PATCH] ac3_probe input buffer overrun

Wolfram Gloger wmglo
Sat Sep 1 15:02:37 CEST 2007


> Not that I can find any current valgrind bug reports like that,
> but in this case the memory is quite definitely uninitialized:

I meant: "the used memory is quite definitely uninitialized".

> --- ffmpeg-wg/libavformat/utils.c~	2007-08-30 23:45:32.000000000 +0200
> +++ ffmpeg-wg/libavformat/utils.c	2007-09-01 13:00:15.000000000 +0200
> @@ -445,6 +445,7 @@
>              /* read probe data */
>              pd->buf= av_realloc(pd->buf, probe_size + AVPROBE_PADDING_SIZE);
>              pd->buf_size = get_buffer(pb, pd->buf, probe_size);
> +            memset(pd->buf + pd->buf_size, 0, AVPROBE_PADDING_SIZE); 
>              if (url_fseek(pb, 0, SEEK_SET) < 0) {
>                  url_fclose(pb);
>                  if (url_fopen(pb, filename, URL_RDONLY) < 0) {
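Review bot: the added memset() writes to pd->buf + pd->buf_size without checking either value first. The av_realloc() result is assigned straight to pd->buf with no NULL check, and the get_buffer() return value is used as the offset as-is. Suggest checking pd->buf after the realloc (keeping the old pointer so it can be freed on failure) and clamping pd->buf_size to the range 0..probe_size before the memset, so the zeroed padding always lies inside the allocation. The added line also carries trailing whitespace after the semicolon.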
> 
> should fix it too and could of course replace my patch.

... and this is insufficient.  There is another case where the probe buffer
isn't even properly extended.  New patch attached.

Regards,
Wolfram.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 1159 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070901/3b60ca38/attachment.obj>


