[FFmpeg-devel] [PATCH 04/16] txd: check for out of bound reads.

Michael Niedermayer michaelni at gmx.at
Sun Oct 9 03:24:32 CEST 2011


On Sun, Oct 09, 2011 at 02:46:42AM +0200, Michael Niedermayer wrote:
> On Sun, Oct 09, 2011 at 02:13:47AM +0200, Laurent Aimar wrote:
> > On Sun, Oct 09, 2011 at 12:21:36AM +0200, Reimar Döffinger wrote:
> > > On Sat, Oct 08, 2011 at 11:40:29PM +0200, fenrir at elivagar.org wrote:
> > > > +        if (buf_end - cur < 1024)
> > > > +            return AVERROR_INVALIDDATA;
> > > >          avctx->pix_fmt = PIX_FMT_PAL8;
> > > >          cur += 1024;
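Review bot: the literal 1024 appears twice, once in the new `buf_end - cur < 1024` check and once in the unchanged `cur += 1024`, so the check and the advance can drift apart if one of them is edited later. Naming the palette size once and using it in both places would keep them tied. It is also worth confirming that nothing reads those 1024 bytes above this check, since the lines before it are not visible in this hunk.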
> > > 
> > > The if after the pix_fmt would be more readable.
> > > 
> > > > @@ -133,8 +146,12 @@ static int txd_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
> > > >          }
> > > >      }
> > > >  
> > > > -    for (; mipmap_count > 1; mipmap_count--)
> > > > -        cur += AV_RL32(cur) + 4;
> > > > +    for (; mipmap_count > 1 && buf_end - cur >= 4; mipmap_count--) {
> > > > +        uint32_t length = AV_RL32(cur);
> > > > +        if (buf_end - cur - 4 < length )
> > > > +            break;
> > > > +        cur += length + 4;
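Review bot: on the `break` path, and when the loop condition `buf_end - cur >= 4` fails, the loop exits quietly with `mipmap_count` still greater than 1 and `cur` left at the truncated entry, whereas the palette check earlier in the patch returns AVERROR_INVALIDDATA for short input. Either return the same error here or make sure whatever follows the loop does not treat `cur` as pointing at valid data. The comparison `buf_end - cur - 4 < length` also mixes a signed pointer difference with a `uint32_t`; it is safe only because the loop condition guarantees the left side is non-negative, which deserves a short comment.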
> > > 
> > > The space before ) should not be there.
> > > Also seems simpler as
> > > uint32_t length = bytestream_get_le32(&cur);
> > > if (length > buf_end - cur)
> > >   break;
> > > cur += length;
> > 
> > Patch attached.
> 
> applied, thanks

#include bytestream.h added

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle