[FFmpeg-devel] [libav-devel] [PATCH] exr: fix out of bounds read in get_code

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Mon Dec 14 23:50:03 CET 2015


On 14.12.2015 22:37, Luca Barbato wrote:
> On 13/12/15 23:37, Andreas Cadhalpun wrote:
>> This macro unconditionally used out[-1], which causes an out of bounds
>> read, if out is the very beginning of the buffer.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavcodec/exr.c | 10 +++++-----
>>  1 file changed, 5 insertions(+), 5 deletions(-)
>>
> 
> When is it happening?

When get_code is called for the first time, out is the beginning of the buffer.
If then the 'po == rlc' branch is used, 's = out[-1]' is invalid.

Best regards,
Andreas
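The condition described in this reply, as an added example that is not part of the original message and is not FFmpeg's code: a run-length symbol repeats the previously written sample, so it must be rejected when nothing has been written yet. The names `emit_symbol`, `decode`, `struct sym`, `RLC_SYMBOL` and `ERR_INVALID` are hypothetical, and the symbol streams are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RLC_SYMBOL  0xFFFFu  /* constructed marker standing in for 'rlc' */
#define ERR_INVALID (-1)

struct sym { uint16_t po; size_t run; };  /* decoded symbol plus run length */

/* Write one symbol at *out. A run-length symbol repeats the previous sample
 * 'run' times; out_begin/out_end delimit the output buffer. */
static int emit_symbol(uint16_t po, size_t run, uint16_t **out,
                       const uint16_t *out_begin, const uint16_t *out_end)
{
    uint16_t *p = *out;
    if (po == RLC_SYMBOL) {
        /* p[-1] only exists once a sample was written; the run must also fit */
        if (p == out_begin || run > (size_t)(out_end - p))
            return ERR_INVALID;
        uint16_t s = p[-1];
        while (run-- > 0)
            *p++ = s;
    } else {
        if (p >= out_end)
            return ERR_INVALID;
        *p++ = po;
    }
    *out = p;
    return 0;
}

/* Decode a symbol stream; returns samples written or ERR_INVALID. */
static long decode(const struct sym *in, size_t n, uint16_t *buf, size_t cap)
{
    uint16_t *out = buf;
    for (size_t i = 0; i < n; i++)
        if (emit_symbol(in[i].po, in[i].run, &out, buf, buf + cap) < 0)
            return ERR_INVALID;
    return (long)(out - buf);
}

int main(void)
{
    uint16_t buf[8];
    const struct sym first_is_run[]     = { { RLC_SYMBOL, 3 } };
    const struct sym literal_then_run[] = { { 7, 0 }, { RLC_SYMBOL, 3 } };
    printf("run as first symbol: %ld\n", decode(first_is_run, 1, buf, 8));
    printf("literal, then run:   %ld\n", decode(literal_then_run, 2, buf, 8));
    return 0;
}
```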


