[FFmpeg-devel] [libav-devel] [PATCH] alsdec: validate time diff index
andreas.cadhalpun at googlemail.com
Mon Apr 20 23:20:40 CEST 2015
On 19.04.2015 22:20, Luca Barbato wrote:
> On 18/04/15 18:58, Andreas Cadhalpun wrote:
>> If begin is smaller than t, the subtraction 'begin -= t' wraps around,
>> because begin is unsigned. The same applies for end < t.
>> This causes segmentation faults.
> Actually, the access to raw_buffer seems a bit optimistic all over this
> I'd check that `master` is always between `raw_buffer` and the end of it.
You mean something like the attached patch?
> (I'm not sure if `div_blocks` is validated before, same for `offset`)
That should catch problems in those as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1790 bytes
Desc: not available
More information about the ffmpeg-devel