[FFmpeg-devel] [libav-devel] [PATCH 5/6] Fixed segfaults on corrupted smacker streams in the decoder.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Mon Sep 12 23:28:44 CEST 2011


On Sun, Sep 11, 2011 at 07:56:46PM +0200, Laurent Aimar wrote:
> @@ -653,6 +659,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
>      } else { //8-bit data
>          for(i = stereo; i >= 0; i--)
>              pred[i] = get_bits(&gb, 8);
> +        if (stereo + unp_size > data_size)
> +            return -1;
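Review bot: the added check `if (stereo + unp_size > data_size)` is not overflow-safe: if `unp_size` is a signed int close to INT_MAX (as it may be when read from a corrupted stream), `stereo + unp_size` wraps negative and the comparison passes, so the bound does nothing; a negative `unp_size` also slips through. Keep the arithmetic on the known-small side and reject negative sizes explicitly, e.g. `if (unp_size < 0 || unp_size > data_size - stereo) return -1;`, and consider validating `unp_size` once right after it is read rather than only in the 8-bit branch.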

This can overflow.
if (unp_size < 0 || unp_size > data_size - stereo)
should probably be safe.
