[FFmpeg-devel] potential segfault in rle.c
Mathieu Malaterre
mathieu.malaterre
Thu Jul 31 14:15:01 CEST 2008
On Thu, Jul 31, 2008 at 1:01 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Wed, Jul 30, 2008 at 06:42:09PM +0200, Mathieu Malaterre wrote:
>> [resent from ffmpeg-users]
>>
>> I believe there is a potential segfault in rle.c. See attached patch.
>
> [...]
>> count = count_pixels(ptr, w-x, bpp, 0);
>> + /* are we allowed to write 1 byte + count*bpp bytes ? */
>> + if(out + bpp*count + 1 > outbuf + out_size) return -1;
>
> if(out + bpp*count >= outbuf + out_size)
>
> is simpler
done.
Thanks,
--
Mathieu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rle.patch2
Type: application/octet-stream
Size: 640 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080731/4da989bf/attachment.obj>
More information about the ffmpeg-devel
mailing list