[FFmpeg-devel] [libav-devel] [PATCH] alsdec: validate time diff index

Thilo Borgmann thilo.borgmann at mail.de
Tue Apr 21 08:14:29 CEST 2015


On 20.04.15 at 23:20, Andreas Cadhalpun wrote:
> On 19.04.2015 22:20, Luca Barbato wrote:
>> On 18/04/15 18:58, Andreas Cadhalpun wrote:
>>> If begin is smaller than t, the subtraction 'begin -= t' wraps around,
>>> because begin is unsigned. The same applies for end < t.
>>>
>>> This causes segmentation faults.
>>
>> Actually, the access to raw_buffer seems a bit optimistic all over this
>> code.
>>
>> I'd check that `master` is always between `raw_buffer` and the end of it.
> 
> You mean something like the attached patch?
> 
>> (I'm not sure if `div_blocks` is validated before, same for `offset`)
> 
> That should catch problems in those as well.

Have you tested with fate after applying this patch locally?

-Thilo
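
The wraparound described in the quoted commit message and the buffer-range check suggested in the quoted review, as an added example (not part of this thread and not FFmpeg's alsdec code). The function names and the index-based model of `raw_buffer` are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not the alsdec source: a block covers samples
 * [begin, end) and is shifted back by a time difference index t. */

/* Unchecked form: with unsigned operands, begin < t wraps to a huge index. */
static unsigned shifted_unchecked(unsigned begin, unsigned t)
{
    return begin - t;
}

/* Checked form: validate t before subtracting.
 * Returns 0 on success, -1 (leaving begin/end untouched) if t is invalid. */
static int shift_range(unsigned *begin, unsigned *end, unsigned t)
{
    if (*begin < t || *end < t)
        return -1;
    *begin -= t;
    *end   -= t;
    return 0;
}

/* Range check on the master position, done in index space so that no
 * out-of-bounds pointer is ever formed. master_off is the signed offset
 * of master from the start of raw_buffer, need is the number of samples
 * that will be read from there, raw_len is the buffer length in samples. */
static int range_in_buffer(size_t raw_len, ptrdiff_t master_off, size_t need)
{
    if (master_off < 0 || (size_t)master_off > raw_len)
        return 0;
    return need <= raw_len - (size_t)master_off;
}

int main(void)
{
    unsigned begin = 2, end = 10;   /* constructed sample values */

    printf("unchecked 2 - 5 = %u\n", shifted_unchecked(2, 5));
    printf("checked shift   = %d\n", shift_range(&begin, &end, 5));
    printf("13 reads at 4/16 in range: %d\n", range_in_buffer(16, 4, 13));
    return 0;
}
```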


