[FFmpeg-devel] [PATCH] Fix av_packet_split_side_data.

Michael Niedermayer michaelni at gmx.at
Sun Nov 6 01:42:57 CET 2011


On Sun, Nov 06, 2011 at 01:34:30AM +0100, Reimar Döffinger wrote:
> p cannot be calculated before av_dup_packet since that one
> might change avpkt->data, causing invalid reads and a
> non-working range check.
> 
> Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
> ---
>  libavcodec/avpacket.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
> index ff34285..a4bd442 100644
> --- a/libavcodec/avpacket.c
> +++ b/libavcodec/avpacket.c
> @@ -237,10 +237,11 @@ int av_packet_split_side_data(AVPacket *pkt){
>      if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){
>          int i;
>          unsigned int size;
> -        uint8_t *p= pkt->data + pkt->size - 8 - 5;
> +        uint8_t *p;
>  
>          av_dup_packet(pkt);
>  
> +        p = pkt->data + pkt->size - 8 - 5;
>          for (i=1; ; i++){
>              size = AV_RB32(p);
>              if (size>INT_MAX || p - pkt->data <= size)

LGTM

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesnt understand is a sign that one is less smart
then the original author, trying to rewrite it will not make it better.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20111106/e0fc19b5/attachment.asc>


More information about the ffmpeg-devel mailing list