[FFmpeg-devel] [libav-devel] [PATCH] xwddec: prevent overflow of lsize * avctx->height

Michael Niedermayer michael at niedermayer.cc
Sat Dec 19 14:23:37 CET 2015


On Sat, Dec 19, 2015 at 12:17:42PM +0100, Andreas Cadhalpun wrote:
> On 19.12.2015 01:32, Michael Niedermayer wrote:
> > On Fri, Dec 18, 2015 at 08:13:06PM +0100, Andreas Cadhalpun wrote:
> >>  xwddec.c |    6 ++++++
> >>  1 file changed, 6 insertions(+)
> >> 0be27d89a669445b523bfdac99884065e3581f3c  0001-xwddec-prevent-overflow-of-lsize-avctx-height.patch
> >> From fb40616d7b432680b92dc3adc44a5b5d12fac55d Mon Sep 17 00:00:00 2001
> >> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >> Date: Fri, 18 Dec 2015 19:28:51 +0100
> >> Subject: [PATCH] xwddec: prevent overflow of lsize * avctx->height
> >>
> >> This is used to check if the input buffer is larger enough, so if this
> >> overflows it can cause a false negative leading to a segmentation fault
> >> in bytestream2_get_bufferu.
> > 
> > cant the addition overflow too in the input buffer check ?
> 
> Probably.
> 
> > if so then using 64bit in the input buffer check would avoid the
> > need for a explicit check on lsize
> 
> Indeed, that's simpler. New patch attached.

LGTM

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Observe your enemies, for they first find out your faults. -- Antisthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151219/c4fc8b38/attachment.sig>


More information about the ffmpeg-devel mailing list