[FFmpeg-devel] [PATCH] fli with invalid frame size overreads buffer (issue 2520)

Michael Niedermayer michaelni
Mon Jan 10 02:18:57 CET 2011


On Sun, Jan 09, 2011 at 03:48:39PM -0500, Daniel Kang wrote:
> ffmpeg does not check for overreads in fli decoding. This is probably
> because it is difficult to determine how much the decoding will read in,
> due to the large number of cases. The patch attached adds a check for
> this.

>  flicvideo.c |    4 ++++
>  1 file changed, 4 insertions(+)
> 7c1cb423fa786e1c29e37df538dc3daad4b6603a  fli_overread_check.diff
> From 294ac5d1681f8cbd6575eab1dc52e9170ae2d296 Mon Sep 17 00:00:00 2001
> From: Daniel Kang <daniel.d.kang at gmail.com>
> Date: Sun, 9 Jan 2011 15:26:29 -0500
> Subject: [PATCH] Add check for fli files

This looks quite insufficient

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
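The overread discussed in this thread comes from trusting size fields stored in the file. As an added illustration (not part of the thread, the attached patch, or FFmpeg's code), the sketch below walks one FLI frame with a cursor that tracks the bytes remaining, so every read in every case is bounded by the same check. The helper names and the header layout it parses are assumptions, stated in the comments.

```c
#include <stddef.h>
#include <stdint.h>

/* Cursor that remembers how many bytes are left, so no read can pass the end. */
typedef struct { const uint8_t *p; size_t left; } Cur;

static int rd16(Cur *c, uint16_t *v) {
    if (c->left < 2) return -1;
    *v = (uint16_t)(c->p[0] | c->p[1] << 8);
    c->p += 2; c->left -= 2;
    return 0;
}

static int rd32(Cur *c, uint32_t *v) {
    if (c->left < 4) return -1;
    *v = c->p[0] | c->p[1] << 8 | c->p[2] << 16 | (uint32_t)c->p[3] << 24;
    c->p += 4; c->left -= 4;
    return 0;
}

static int skip(Cur *c, size_t n) {
    if (c->left < n) return -1;
    c->p += n; c->left -= n;
    return 0;
}

/* Hypothetical helper: walk one frame's sub-chunks and return their count,
 * or -1 if any declared size does not fit in the bytes actually present.
 * Assumed layout (not taken from the page), little-endian: frame = u32 size,
 * u16 magic 0xF1FA, u16 sub-chunk count, 8 reserved; sub-chunk = u32 size, u16 type. */
int fli_walk_frame(const uint8_t *buf, size_t len) {
    Cur c = { buf, len };
    uint32_t frame_size, chunk_size;
    uint16_t magic, nchunks, type;

    if (rd32(&c, &frame_size) || rd16(&c, &magic) || rd16(&c, &nchunks) || skip(&c, 8))
        return -1;                       /* packet shorter than the frame header */
    if (magic != 0xF1FA || frame_size < 16 || frame_size > len)
        return -1;                       /* declared frame larger than the packet */
    c.left = frame_size - 16;            /* never read past the declared frame */

    for (unsigned i = 0; i < nchunks; i++) {
        if (rd32(&c, &chunk_size) || rd16(&c, &type))
            return -1;                   /* sub-chunk header runs off the end */
        if (chunk_size < 6 || skip(&c, chunk_size - 6))
            return -1;                   /* sub-chunk claims more than remains */
    }
    return nchunks;
}
```

A real decoder would pass the same cursor into each sub-chunk's decoding routine instead of skipping the payload, so the per-case reads inherit the bound.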