[FFmpeg-devel] [PATCH] Fix av_packet_split_side_data.
Michael Niedermayer
michaelni at gmx.at
Sun Nov 6 01:42:57 CET 2011
On Sun, Nov 06, 2011 at 01:34:30AM +0100, Reimar Döffinger wrote:
> p cannot be calculated before av_dup_packet since that one
> might change avpkt->data, causing invalid reads and a
> non-working range check.
>
> Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
> ---
> libavcodec/avpacket.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
> index ff34285..a4bd442 100644
> --- a/libavcodec/avpacket.c
> +++ b/libavcodec/avpacket.c
> @@ -237,10 +237,11 @@ int av_packet_split_side_data(AVPacket *pkt){
> if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){
> int i;
> unsigned int size;
> - uint8_t *p= pkt->data + pkt->size - 8 - 5;
> + uint8_t *p;
>
> av_dup_packet(pkt);
>
> + p = pkt->data + pkt->size - 8 - 5;
> for (i=1; ; i++){
> size = AV_RB32(p);
> if (size>INT_MAX || p - pkt->data <= size)
LGTM
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesnt understand is a sign that one is less smart
then the original author, trying to rewrite it will not make it better.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20111106/e0fc19b5/attachment.asc>
More information about the ffmpeg-devel
mailing list