[FFmpeg-devel] bad arguments to init_put_bits

Michael Niedermayer michaelni at gmx.at
Thu Feb 26 20:45:50 CET 2015


Hi


On Thu, Feb 26, 2015 at 10:42:06AM -0800, Dyami Caliri wrote:
> The init_put_bits() function (in libavcodec/put_bits.h) takes a buffer and
> a buffer size (in bytes). Several of the encoders are passing the buffer
> size in bits, by multiplying the buffer size by 8. This is incorrect.
> 
> We saw this problem when encoding a ProRes (Anatoliy) file at size
> 4096x4096. Debugging showed that the buffer size was very large, and when
> multiplied by 8, it was interpreted as a negative number. This caused
> the init_put_bits() to zero out the buffer, leading to a crash.
> 
> The attached patch fixes the argument to init_put_bits in all of the cases
> where the buffer size was multiplied by 8.
> 
> You could use the patch or make the same change.

patch applied

but how can the crash be reproduced? the code shouldn't really crash
even without the patch

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 3
"Rare item" - "Common item with rare defect or maybe just a lie"
"Professional" - "'Toy' made in china, not functional except as doorstop"
"Experts will know" - "The seller hopes you are not an expert"
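The bytes-versus-bits mix-up reported in this thread, as an added C example that is not part of the original messages and is not FFmpeg code. `BitWriter`, `bw_init` and the other names are hypothetical, the 2^28-byte size is a constructed sample, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a bit-writer context (not FFmpeg's PutBitContext). */
typedef struct { uint8_t *buf; size_t size_bytes; } BitWriter;

/* Model of an init that takes the size in BYTES as an int and, as the
 * report describes, drops the buffer when that size arrives negative. */
static int bw_init(BitWriter *w, uint8_t *buffer, int size_bytes)
{
    if (size_bytes < 0) {
        w->buf = NULL;
        w->size_bytes = 0;
        return -1;
    }
    w->buf = buffer;
    w->size_bytes = (size_t)size_bytes;
    return 0;
}

/* Value a 32-bit int parameter receives for bytes * mult. Done in 64 bits and
 * truncated so the demo itself has no signed-overflow undefined behaviour. */
static int32_t as_int32_arg(int64_t bytes, int mult)
{
    return (int32_t)(uint32_t)((uint64_t)bytes * (uint64_t)mult);
}

/* Result of initialising a writer with bytes * mult as the size argument. */
static int init_with(int64_t bytes, int mult)
{
    static uint8_t dummy[16];   /* only the pointer is stored, never indexed */
    BitWriter w;
    return bw_init(&w, dummy, as_int32_arg(bytes, mult));
}

/* Would bytes * 8 still be representable as an int? */
static int bits_fit_in_int(int64_t bytes)
{
    return bytes >= 0 && bytes <= INT_MAX / 8;
}

int main(void)
{
    const int64_t pkt = 268435456;  /* constructed sample: 2^28 bytes */
    printf("size*8 as int: %d, fits: %d\n", (int)as_int32_arg(pkt, 8), bits_fit_in_int(pkt));
    printf("init(size*8)=%d init(size)=%d\n", init_with(pkt, 8), init_with(pkt, 1));
    return 0;
}
```

Passing the byte count unchanged keeps the argument positive for any buffer an `int` can describe; multiplying by 8 first shrinks the safe range to `INT_MAX / 8` bytes.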

