[FFmpeg-devel] Alac : fix buffer overflow
Michael Niedermayer
michaelni
Sat May 3 23:13:27 CEST 2008
On Sat, May 03, 2008 at 08:52:09PM +0200, matthieu castet wrote:
> Hi,
>
> this patch fixes a buffer overflow in alac: it doesn't check if the output
> buffer is large enough before filling it with 0.
>
> And the case really happens in the last frame, because the decoder is broken
> if hassize (size different from the default one) is true.
>
>
> Matthieu
> Index: libavcodec/alac.c
> ===================================================================
> --- libavcodec/alac.c (r?vision 13047)
> +++ libavcodec/alac.c (copie de travail)
> @@ -208,6 +208,12 @@
> block_size= decode_scalar(&alac->gb, k, rice_kmodifier, 16);
>
> if (block_size > 0) {
> + if (output_count + block_size >= output_size) {
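Review bot: The bound in the added `if (output_count + block_size >= output_size)` needs a comment saying why it is `>=` rather than `>`. As written it also fires when the zero run ends exactly at `output_size`, and the visible lines do not show which index the fill starts at, so a reader cannot tell whether that exact-fit case is a real overrun or a valid last block. Since `block_size` comes straight from `decode_scalar()` on the bitstream, I would also write the test as `block_size >= output_size - output_count`, which compares the decoded value against the remaining space and does not depend on the sum staying in range.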
This isn't enough, anyway, fixed.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin