[FFmpeg-devel] [PATCH] ituh263dec: Prevent overreading header buffer
Ronald S. Bultje
rsbultje at gmail.com
Mon Oct 21 20:02:07 CEST 2013
Hi,
On Mon, Oct 21, 2013 at 11:48 AM, Paul B Mahol <onemda at gmail.com> wrote:
> On 10/21/13, Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:
> > Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
> > ---
> > Fixes a crash in a sample I have.
> > ---
> > libavcodec/ituh263dec.c | 5 +++++
> > 1 files changed, 5 insertions(+), 0 deletions(-)
> >
> > diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
> > index 08aeb30..6c7c12d 100644
> > --- a/libavcodec/ituh263dec.c
> > +++ b/libavcodec/ituh263dec.c
> > @@ -874,6 +874,11 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
> >
> > align_get_bits(&s->gb);
> >
> > + if (get_bits_left(&s->gb) < 22 - 8) {
> > + av_log(s->avctx, AV_LOG_ERROR, "Not enough bits to decode
> > header.\n");
> > + return -1;
> > + }
> > +
> > if (show_bits(&s->gb, 2) == 2 && s->avctx->frame_number == 0) {
> > av_log(s->avctx, AV_LOG_WARNING, "Header looks like RTP
> instead of
> > H.263\n");
> > }
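Review bot: the threshold in `get_bits_left(&s->gb) < 22 - 8` is an unexplained expression; a short comment or a named constant saying which header field those 14 bits correspond to would let a reader check it against the reads that follow. The early exit returns a bare -1, where AVERROR_INVALIDDATA would tell callers the input was truncated. The guard also covers only a fixed 14 bits at this one point after align_get_bits(), so any later reads in the same header parse are not protected by this hunk.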
> > --
> > 1.7.1
>
> lgtm
>
> OT: wonders why it uses unchecked bitstream reader.
Right, if it can overread, it should use the checked bitstream reader. If
it wasn't designed to not overread, don't try to hack it in afterwards,
it's a bad, bad idea.
Ronald
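
Added illustration of the point in the reply above, not FFmpeg code and not part of the original message: a minimal reader where the bounds check lives inside the read itself, so every call site is covered rather than one hand-placed guard. `BitReader`, `br_read`, `parse_header` and the 14-bit/8-bit field layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical minimal MSB-first bit reader; not FFmpeg's GetBitContext. */
typedef struct {
    const uint8_t *buf;
    size_t size_bits;   /* total readable bits */
    size_t pos;         /* current bit position, never exceeds size_bits */
    int overread;       /* latched once a read asks for bits past the end */
} BitReader;

/* Checked read of n <= 32 bits. The bounds test is per bit, inside the
 * reader: bits past the end read as 0 and set the overread flag. */
static uint32_t br_read(BitReader *br, unsigned n)
{
    uint32_t v = 0;
    while (n--) {
        unsigned bit = 0;
        if (br->pos < br->size_bits) {
            bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u;
            br->pos++;
        } else {
            br->overread = 1;
        }
        v = (v << 1) | bit;
    }
    return v;
}

/* Constructed header layout: a 14-bit field followed by an 8-bit field.
 * Returns 0 on success, -1 if the input ended before both were read. */
static int parse_header(const uint8_t *buf, size_t size, uint32_t *a, uint32_t *b)
{
    BitReader br = { buf, size * 8, 0, 0 };
    *a = br_read(&br, 14);
    *b = br_read(&br, 8);
    return br.overread ? -1 : 0;
}

int main(void)
{
    const uint8_t truncated[2] = { 0x00, 0x00 };  /* constructed input */
    uint32_t a, b;
    return parse_header(truncated, sizeof truncated, &a, &b) == -1 ? 0 : 1;
}
```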