[FFmpeg-devel] [PATCH] lavc/mmvideo: fix potential buffer overread in mm_decode_pal()
Paul B Mahol
onemda at gmail.com
Wed Jul 25 14:36:11 CEST 2012
On 7/25/12, Stefano Sabatini <stefasab at gmail.com> wrote:
> Add missing buffer check.
1: that check is not missing (in security sense).
2: why you are checking this in for loop?
3: if you are checking for left bytes why you are checking it again in
call bellow using checked bytestream2 function
(bytestrean2_get_be24())?
4: commit message is incorrect.
> ---
> libavcodec/mmvideo.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c
> index 3e6cb1a..ed2d405 100644
> --- a/libavcodec/mmvideo.c
> +++ b/libavcodec/mmvideo.c
> @@ -71,7 +71,7 @@ static int mm_decode_pal(MmContext *s)
> int i;
>
> bytestream2_skip(&s->gb, 4);
> - for (i = 0; i < 128; i++) {
> + for (i = 0; i < 128 && bytestream2_get_bytes_left(&s->gb) >= 3; i++) {
> s->palette[i] = 0xFF << 24 | bytestream2_get_be24(&s->gb);
> s->palette[i+128] = s->palette[i]<<2;
> }
> --
> 1.7.5.4
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
More information about the ffmpeg-devel
mailing list