[FFmpeg-devel] libx264.c:encode_nals can overwrite buffers
Paul Flinders
paul
Sat Jan 1 00:04:10 CET 2011
On 31/12/10 22:58, Jason Garrett-Glaser wrote:
> Your patch looks inverted.
>
>
Apologies.
Corrected patch
--- /home/paul/rpmbuild/BUILD/ffmpeg-20101226/libavcodec/libx264.c
2010-12-26 16:32:46.000000000 +0000
+++ libx264.c 2010-12-31 22:28:07.000000000 +0000
@@ -60,8 +60,13 @@
/* Write the SEI as part of the first frame. */
if (x4->sei_size > 0 && nnal > 0) {
+ if (size < x4->sei_size){
+ av_log(ctx, AV_LOG_ERROR, "supplied buffer too small\n");
+ return x4->sei_size - size;
+ }
memcpy(p, x4->sei, x4->sei_size);
p += x4->sei_size;
+ size -= x4->sei_size;
x4->sei_size = 0;
}
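Review bot: Both new failure paths return a positive number (`x4->sei_size - size` here and `nals[i].i_payload - size` in the second hunk), while the normal exit is `return p - buf;`, which is also a non-negative byte count. A caller cannot tell the shortfall apart from a valid output length and may treat the buffer as holding that many encoded bytes; the caller is not visible here, so confirm how it checks the result. Returning a negative value in both places, e.g. `return -1;`, keeps the error distinguishable. The function's signature and declarations are outside the hunk, so the types of `size` and `x4->sei_size` in `if (size < x4->sei_size)` should also be checked for a signed/unsigned mismatch.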
@@ -73,8 +78,13 @@
memcpy(x4->sei, nals[i].p_payload, nals[i].i_payload);
continue;
}
+ if (size < nals[i].i_payload){
+ av_log(ctx, AV_LOG_ERROR, "supplied buffer too small\n");
+ return nals[i].i_payload - size;
+ }
memcpy(p, nals[i].p_payload, nals[i].i_payload);
p += nals[i].i_payload;
+ size -= nals[i].i_payload;
}
return p - buf;
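Review bot: The early return inside the loop leaves a partially written output buffer, because earlier NAL units have already been copied into `buf` by the time `if (size < nals[i].i_payload)` fails. If the stored SEI was written earlier in the same call, `x4->sei_size = 0;` has already run, so a retry with a larger buffer would presumably not emit that SEI again. At minimum, document this on the error path, e.g. `/* on failure buf holds a partial frame and any pending SEI has been consumed */`. The log text is identical to the one in the first hunk, so adding the NAL index and the two sizes would show which copy failed. The loop header and the function start are outside the hunk.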