[FFmpeg-devel] libx264.c:encode_nals can overwrite buffers

Paul Flinders paul
Sat Jan 1 00:04:10 CET 2011


On 31/12/10 22:58, Jason Garrett-Glaser wrote:
> Your patch looks inverted.
>
>
Apologies.

Corrected patch

--- /home/paul/rpmbuild/BUILD/ffmpeg-20101226/libavcodec/libx264.c    
2010-12-26 16:32:46.000000000 +0000
+++ libx264.c    2010-12-31 22:28:07.000000000 +0000
@@ -60,8 +60,13 @@

      /* Write the SEI as part of the first frame. */
      if (x4->sei_size > 0 && nnal > 0) {
+    if (size < x4->sei_size){
+        av_log(ctx, AV_LOG_ERROR, "supplied buffer too small\n");
+        return x4->sei_size - size;
+    }
          memcpy(p, x4->sei, x4->sei_size);
          p += x4->sei_size;
+    size -=  x4->sei_size;
          x4->sei_size = 0;
      }
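Review bot: The too-small path returns `x4->sei_size - size`, a positive number, while the success path returns the byte count `p - buf` at the end of the second hunk, so a caller that treats the result as the number of bytes written cannot distinguish this error from a successful write of that many bytes; the same applies to `return nals[i].i_payload - size;` in the second hunk. A negative value is the conventional failure signal in this codebase, e.g. `return AVERROR(EINVAL);` in both places, with the shortfall mentioned in the av_log message if it is useful for diagnosis. The signature of encode_nals and the declaration of `size` are outside the hunk, so the type of `size` is inferred only from the new arithmetic on it.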

@@ -73,8 +78,13 @@
              memcpy(x4->sei, nals[i].p_payload, nals[i].i_payload);
              continue;
          }
+    if (size < nals[i].i_payload){
+        av_log(ctx, AV_LOG_ERROR, "supplied buffer too small\n");
+        return nals[i].i_payload - size;
+    }
          memcpy(p, nals[i].p_payload, nals[i].i_payload);
          p += nals[i].i_payload;
+    size -= nals[i].i_payload;
      }

      return p - buf;
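Review bot: The added guard and the `size -= nals[i].i_payload;` line are indented four spaces, while the loop body they sit in (the `memcpy` and `p +=` lines) uses eight, so on a quick read the check appears to be outside the loop; re-indent the new lines to the surrounding level, and likewise for the lines added in the first hunk. The `for` header that encloses this hunk is outside the hunk, so the loop bounds are not visible here.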




