[FFmpeg-devel] [PATCH] use av_mallocz() in vorbis_comment()
Justin Ruggles
justin.ruggles
Thu Feb 12 03:45:39 CET 2009
M?ns Rullg?rd wrote:
> Justin Ruggles <justin.ruggles at gmail.com> writes:
>
>> Hi,
>>
>> This patch avoids allocating memory on the stack based on decoded stream
>> values which can be up to 32-bit. Mans has pointed out that the current
>> version is not a security risk, it would just crash with SIGSEGV for
>> really large metadata. This patch skips the single metadata tag if
>> allocation fails and continues try to the next tag.
>>
>> Thanks,
>> Justin
>>
>>
>> Index: libavformat/oggparsevorbis.c
>> ===================================================================
>> --- libavformat/oggparsevorbis.c (revision 17145)
>> +++ libavformat/oggparsevorbis.c (working copy)
>> @@ -71,15 +71,21 @@
>> v++;
>>
>> if (tl && vl) {
>> - char tt[tl + 1];
>> - char ct[vl + 1];
>> + char *tt, *ct;
>>
>> + tt = av_mallocz(tl + 1);
>> + ct = av_mallocz(vl + 1);
>
> Why mallocz? It's being written again immediately below.
No particular reason. New patch attached.
-Justin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vorbiscomment_av_malloc.diff
Type: text/x-diff
Size: 767 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090211/45270cc2/attachment.diff>
More information about the ffmpeg-devel
mailing list