[FFmpeg-devel] [PATCH] fli with invalid frame size overreads buffer (issue 2520)

Michael Niedermayer michaelni
Mon Jan 10 16:30:43 CET 2011


On Mon, Jan 10, 2011 at 12:27:41AM -0500, Daniel Kang wrote:
> On Sun, Jan 9, 2011 at 8:18 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> 
> >  On Sun, Jan 09, 2011 at 03:48:39PM -0500, Daniel Kang wrote:
> > > ffmpeg does not check for overreads in fli decoding. This is probably
> > > because it is difficult to determine how much the decoding will read in,
> > > due to the large number of cases. The patch attached adds a check for
> > > this.
> >
> > >  flicvideo.c |    4 ++++
> > >  1 file changed, 4 insertions(+)
> > > 7c1cb423fa786e1c29e37df538dc3daad4b6603a  fli_overread_check.diff
> > > From 294ac5d1681f8cbd6575eab1dc52e9170ae2d296 Mon Sep 17 00:00:00 2001
> > > From: Daniel Kang <daniel.d.kang at gmail.com>
> > > Date: Sun, 9 Jan 2011 15:26:29 -0500
> > > Subject: [PATCH] Add check for fli files
> >
> > This looks quite insufficient
> 
> 
> My idea was that the buffer padding will take care of small overreads,
> but I think you are right. Should I instead put in checks for each case?

The minimum of checks needed to avoid overreading beyond the padding should be
added, preferably no checks in the innermost loops to avoid slowdown.
This would be quite a bit of work though

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.
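The reply above asks for the minimum set of bounds checks that keeps a run-length decoder from reading past the padding, with none in the innermost loops. The following C program is an added illustration of that layout and is not the patch under discussion nor code from libavcodec's flicvideo.c: the `INPUT_PADDING` constant, the toy packet format, and the function names `decode_rle_frame` and `decode_with_padding` are this example's own. Checks sit once per line and once per packet; the two-byte packet header is read without a check because the padding makes that read safe, and the one read that can exceed the padding (a literal run) keeps an explicit length test. The `max_read` out-parameter exists only so the reader can confirm no access went beyond `size + INPUT_PADDING`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Zero-filled padding the caller appends after every input buffer.
   Hypothetical constant for this example, standing in for the decoder
   input padding the thread relies on. */
#define INPUT_PADDING 16

/* Record the highest input offset read, so a test can verify that no
   read went past size + INPUT_PADDING. */
#define TOUCH(off) do { if (max_read && (off) > *max_read) *max_read = (off); } while (0)

/* Toy run-length line format (constructed here; NOT the real FLI byte-run chunk):
 *   line   := packet_count (u8) followed by that many packets
 *   packet := count (i8) data
 *     count > 0 : one data byte, replicated `count` times
 *     count < 0 : -count literal data bytes follow
 *     count = 0 : invalid
 * Decodes `height` lines of `width` pixels from buf[0..size), which must be
 * followed by INPUT_PADDING zero bytes. Returns 0 on success, -1 on
 * malformed or truncated input. */
int decode_rle_frame(const uint8_t *buf, size_t size, uint8_t *dst,
                     size_t width, size_t height, size_t *max_read)
{
    size_t pos = 0;
    if (max_read)
        *max_read = 0;

    for (size_t y = 0; y < height; y++) {
        if (pos >= size)                      /* a line needs its count byte */
            return -1;
        unsigned packets = buf[pos];
        TOUCH(pos);
        pos++;
        uint8_t *row = dst + y * width;
        size_t x = 0;

        for (unsigned p = 0; p < packets; p++) {
            /* One compare per packet. With pos < size and INPUT_PADDING
               bytes behind the buffer, reading buf[pos + 1] is in bounds
               even when pos == size - 1; a padding byte consumed as data
               is caught by the pos > size test at the end of the frame. */
            if (pos >= size)
                return -1;
            int8_t count = (int8_t)buf[pos];
            if (count == 0)
                return -1;
            size_t n = count > 0 ? (size_t)count : (size_t)-count;
            if (x + n > width)                /* output bound, once per packet */
                return -1;

            if (count > 0) {
                uint8_t val = buf[pos + 1];
                TOUCH(pos + 1);
                pos += 2;
                memset(row + x, val, n);      /* innermost copy: no checks */
            } else {
                /* Literal runs reach 128 bytes, more than the padding, so
                   this read keeps an explicit check. size - pos - 1 cannot
                   underflow because pos < size was verified above. */
                if (n > size - pos - 1)
                    return -1;
                memcpy(row + x, buf + pos + 1, n);
                TOUCH(pos + n);
                pos += 1 + n;
            }
            x += n;
        }
        if (x != width)                       /* toy format: every line is full width */
            return -1;
    }
    /* pos > size means a replicate packet's value byte came from the padding:
       the frame was truncated, so report failure, not a "decoded" frame. */
    return pos > size ? -1 : 0;
}

/* Copy `n` frame bytes into a fresh buffer with INPUT_PADDING zero bytes
   appended, decode into `out`, and free the copy. */
int decode_with_padding(const uint8_t *frame, size_t n, uint8_t *out,
                        size_t width, size_t height, size_t *max_read)
{
    uint8_t *padded = calloc(n + INPUT_PADDING, 1);
    if (!padded)
        return -1;
    memcpy(padded, frame, n);
    int ret = decode_rle_frame(padded, n, out, width, height, max_read);
    free(padded);
    return ret;
}

/* Constructed sample frames for a 4-pixel-wide image (not from any real file). */
static const uint8_t GOOD_FRAME[]      = { 0x02, 0x03, 0xAA, 0xFF, 0xBB,   /* line 0: 3x AA, literal BB */
                                           0x01, 0x04, 0xCC };              /* line 1: 4x CC */
static const uint8_t TRUNCATED_FRAME[] = { 0x01, 0x04 };                    /* replicate value byte missing */
static const uint8_t LITERAL_OVERRUN[] = { 0x01, 0xFC, 0x11, 0x22 };        /* literal claims 4 bytes, has 2 */
static const uint8_t OUTPUT_OVERRUN[]  = { 0x01, 0x05, 0xAA };              /* 5 pixels into a 4-wide line */

int main(void)
{
    uint8_t out[8];
    size_t max_read;
    int ret = decode_with_padding(GOOD_FRAME, sizeof GOOD_FRAME, out, 4, 2, &max_read);
    printf("good: ret=%d highest offset read=%zu of %zu bytes\n", ret, max_read, sizeof GOOD_FRAME);
    ret = decode_with_padding(TRUNCATED_FRAME, sizeof TRUNCATED_FRAME, out, 4, 1, &max_read);
    printf("truncated: ret=%d highest offset read=%zu (padding starts at %zu)\n",
           ret, max_read, sizeof TRUNCATED_FRAME);
    return 0;
}
```

The design choice worth noting is the split between reads the padding covers (bounded, fixed-size, so they go unchecked and the truncation is detected once at the end) and reads whose length the file controls (checked before the copy, never inside it). That keeps the per-pixel path free of comparisons while still bounding every access to the allocation.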