[FFmpeg-devel] [PATCH] lavu/mem: fix potential int overflow and crash in av_dynarray_add()

Stefano Sabatini stefasab at gmail.com
Sat Apr 27 19:40:46 CEST 2013


On date Friday 2013-04-26 02:58:05 +0200, Michael Niedermayer encoded:
> On Thu, Apr 25, 2013 at 12:36:21AM +0200, Stefano Sabatini wrote:
[...]
> > --- a/libavutil/mem.h
> > +++ b/libavutil/mem.h
> > @@ -197,7 +197,8 @@ void av_freep(void *ptr);
> >   *
> >   * In case of success, the pointer to the array is updated in order to
> >   * contain the new growed array, and the number pointed to by nb_ptr
> > - * is incremented.
> > + * is incremented. In case of failure, the array is not modified and
> > + * *nb_ptr is not updated.
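Review bot: The added "In case of failure" sentence states that the array and *nb_ptr are left as they were, but nothing in this comment tells a caller how to recognise that a failure happened. An unchanged *nb_ptr is the only visible hint, and callers that never compared it will carry on as if the element had been stored. Document an explicit failure signal here (a return value, or a defined post-failure state) and what the caller is expected to do with it. The unchanged context line above also says "growed", which should read "grown".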
> 
> how could a user detect an error? Also, existing code that does not
> check could misbehave in a worse way than before

Well I could simply dealloc and set array and nb_ptr to 0. This would
avoid a crash in the function (but not prevent the crash in the
application).
-- 
FFmpeg = Freak Furious Majestic Powerful Elected Gladiator
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-lavu-mem-fix-potential-int-overflow-and-crash-in-av_.patch
Type: text/x-diff
Size: 1792 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130427/8ce46079/attachment.bin>
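
The two failure behaviours weighed in this message (leave the array and count untouched, or free the array and set both to 0), as an added C example that is not FFmpeg's code and not the attached patch. `dyn_add`, `fail_policy`, `outcome`, `add_past_limit` and the `max_nb` cap are hypothetical names, and the return code is an assumption introduced so that failure can be detected at all.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
enum fail_policy { KEEP_UNCHANGED, FREE_AND_ZERO }; /* options from the thread */
struct outcome { int rc, nb, tab_is_null; };

/* Hypothetical helper, not FFmpeg's av_dynarray_add(): append elem, growing
 * by one slot. max_nb is a constructed cap that forces the failure path. */
static int dyn_add(void ***tab, int *nb, void *elem, int max_nb,
                   enum fail_policy policy)
{
    void **grown = NULL;
    /* Validate the count before any arithmetic so *nb + 1 cannot overflow. */
    if (*nb >= 0 && *nb < max_nb && *nb < INT_MAX &&
        (size_t)*nb + 1 <= SIZE_MAX / sizeof(*grown))
        grown = realloc(*tab, ((size_t)*nb + 1) * sizeof(*grown));
    if (!grown) {
        if (policy == FREE_AND_ZERO) {
            free(*tab);
            *tab = NULL;
            *nb  = 0;
        }
        return -1; /* lets a caller detect the failure under either policy */
    }
    grown[(*nb)++] = elem;
    *tab = grown;
    return 0;
}

/* Fill to the cap of 3, so the fourth add fails; report what a caller sees. */
static struct outcome add_past_limit(enum fail_policy policy)
{
    static int items[4];
    void **tab = NULL;
    int nb = 0, rc = 0;
    for (int i = 0; i < 4; i++)
        rc = dyn_add(&tab, &nb, &items[i], 3, policy);
    struct outcome o = { rc, nb, tab == NULL };
    free(tab);
    return o;
}
int main(void)
{
    for (int p = KEEP_UNCHANGED; p <= FREE_AND_ZERO; p++) {
        struct outcome o = add_past_limit((enum fail_policy)p);
        printf("policy=%d rc=%d nb=%d null=%d\n", p, o.rc, o.nb, o.tab_is_null);
    }
    return 0;
}
```

Under `KEEP_UNCHANGED` a caller that ignores the return value sees a valid three-entry array with the new element silently missing; under `FREE_AND_ZERO` it sees a NULL array with a count of 0.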

