[FFmpeg-devel] [PATCH 04/16] txd: check for out of bound reads.
Laurent Aimar
fenrir at elivagar.org
Sun Oct 9 02:13:47 CEST 2011
On Sun, Oct 09, 2011 at 12:21:36AM +0200, Reimar Döffinger wrote:
> On Sat, Oct 08, 2011 at 11:40:29PM +0200, fenrir at elivagar.org wrote:
> > + if (buf_end - cur < 1024)
> > + return AVERROR_INVALIDDATA;
> > avctx->pix_fmt = PIX_FMT_PAL8;
> > cur += 1024;
>
> The if after the pix_fmt would be more readable.
>
> > @@ -133,8 +146,12 @@ static int txd_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
> > }
> > }
> >
> > - for (; mipmap_count > 1; mipmap_count--)
> > - cur += AV_RL32(cur) + 4;
> > + for (; mipmap_count > 1 && buf_end - cur >= 4; mipmap_count--) {
> > + uint32_t length = AV_RL32(cur);
> > + if (buf_end - cur - 4 < length )
> > + break;
> > + cur += length + 4;
>
> The space before ) should not be there.
> Also seems simpler as
> uint32_t length = bytestream_get_le32(&cur);
> if (length > buf_end - cur)
> break;
> cur += length;
Patch attached.
--
fenrir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-txd-check-for-out-of-bound-reads.patch
Type: text/x-diff
Size: 3349 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20111009/ecc9fd1f/attachment.bin>
More information about the ffmpeg-devel
mailing list