[FFmpeg-devel] [PATCH] oggdec: add integer overflow and allocation check in ogg_read_page()
Stefano Sabatini
stefano.sabatini-lala at poste.it
Tue May 24 16:17:33 CEST 2011
On date Tuesday 2011-05-24 14:34:32 +0200, Michael Niedermayer encoded:
> On Tue, May 24, 2011 at 01:48:46PM +0200, Stefano Sabatini wrote:
[...]
> > Your patch can be applied on top of that, the issue reporter tells
> > that the patch fixes the issue, then we noted there are other memory
> > issues but I want to leave them for now, and possibly wait for a reply
> > from David Conrad (listed as file maintainer).
> > --
> > FFmpeg = Faithful and Fostering Murdering Perennial Elfic Glue
>
> > oggdec.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> > 2ffdc2480b9754eb0981b0072556ce094bd07c72 0001-oggdec-add-integer-overflow-and-allocation-check-in-.patch
> > From 3e7461df29cca18749db557b1e6616f578b3b73a Mon Sep 17 00:00:00 2001
> > From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> > Date: Thu, 19 May 2011 00:05:21 +0200
> > Subject: [PATCH] oggdec: add integer overflow and allocation check in ogg_read_page()
> >
> > Should fix trac issue #185.
> > ---
> > libavformat/oggdec.c | 8 +++++++-
> > 1 files changed, 7 insertions(+), 1 deletions(-)
> >
> > diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
> > index 344bd1c..aa63f96 100644
> > --- a/libavformat/oggdec.c
> > +++ b/libavformat/oggdec.c
> > @@ -288,7 +288,13 @@ static int ogg_read_page(AVFormatContext *s, int *str)
> > }
> >
> > if (os->bufsize - os->bufpos < size){
> > - uint8_t *nb = av_malloc (os->bufsize *= 2);
> > + uint8_t *nb;
> > + if (os->bufsize > SIZE_MAX/2) {
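Review bot: the bound in "if (os->bufsize > SIZE_MAX/2)" is taken from size_t rather than from the type of os->bufsize. If that field is narrower than size_t (the reply that follows says it is unsigned int), a value above UINT_MAX/2 passes this check wherever size_t is wider, and the doubling still wraps. Compare against the limit of the field's own type, for example UINT_MAX/2. Since the removed line doubled os->bufsize inside the av_malloc() call itself, also make sure the new size is stored only after the allocation has succeeded, so a failed allocation cannot leave bufsize out of step with the buffer.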
>
> bufsize is unsigned int, SIZE_MAX can be larger
Fixed.
Other patches posted in separate threads.
--
FFmpeg = Foolish & Formidable Magnificent Programmable Ecumenical Gadget
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-oggdec-add-integer-overflow-and-allocation-check-in-.patch
Type: text/x-diff
Size: 1094 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110524/6642eb64/attachment.bin>
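The review point in this thread (an unsigned int size checked against SIZE_MAX), worked through as an added example; this is not code from the patch or from FFmpeg. The struct and function names are hypothetical, and bufsize is assumed to be unsigned int as the review comment states.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the demuxer's per-stream buffer state. */
struct stream_buf {
    uint8_t     *buf;
    unsigned int bufsize; /* assumed unsigned int, per the review comment */
    unsigned int bufpos;  /* bytes in use, assumed <= bufsize */
};

/* Bound taken from size_t: where size_t is wider than unsigned int this
 * can never be true, so it rejects nothing. Returns 1 if rejected. */
static int rejected_by_size_max(unsigned int bufsize)
{
    return bufsize > SIZE_MAX / 2;
}

/* Bound taken from the field's own type: rejects every value whose
 * doubling would wrap. Returns 1 if rejected. */
static int rejected_by_uint_max(unsigned int bufsize)
{
    return bufsize > UINT_MAX / 2;
}

/* Double the buffer. Returns 0 on success, -1 on overflow or allocation
 * failure. On failure the struct is left exactly as it was. */
static int grow_buf(struct stream_buf *sb)
{
    unsigned int newsize;
    uint8_t *nb;

    if (rejected_by_uint_max(sb->bufsize))
        return -1;
    newsize = sb->bufsize * 2;      /* cannot wrap after the check above */
    nb = malloc(newsize);
    if (!nb)
        return -1;                  /* bufsize not yet modified */
    if (sb->bufpos)
        memcpy(nb, sb->buf, sb->bufpos);
    free(sb->buf);
    sb->buf     = nb;
    sb->bufsize = newsize;          /* commit only after success */
    return 0;
}
```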