[FFmpeg-devel] bad arguments to init_put_bits

Michael Niedermayer michaelni at gmx.at
Thu Feb 26 20:45:50 CET 2015


On Thu, Feb 26, 2015 at 10:42:06AM -0800, Dyami Caliri wrote:
> The init_put_bits() function (in libavcodec/put_bits.h) takes a buffer and
> a buffer size (in bytes). Several of the encoders are passing the buffer
> size in bits, by multiplying the buffer size by 8. This is incorrect.
> We saw this problem when encoding a ProRes (Anatoliy) file at size
> 4096x4096. Debugging showed that the buffer size was very large, and when
> multiplied by 8, it was interpreted as a negative number. This caused
> the init_put_bits() to zero out the buffer, leading to a crash.
> The attached patch fixes the argument to init_put_bits in all of the cases
> where the buffer size was multiplied by 8.
> You could use the patch or make the same change.

patch applied

but how can the crash be reproduced? the code shouldn't really crash
even without the patch


Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 3
"Rare item" - "Common item with rare defect or maybe just a lie"
"Professional" - "'Toy' made in china, not functional except as doorstop"
"Experts will know" - "The seller hopes you are not an expert"
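The failure mode reported in the thread above, as an added C example that is not part of the original messages and is not FFmpeg's code: a byte count multiplied by 8 no longer fits in a 32-bit int and turns negative, and an initializer that rejects negative sizes then leaves the writer without a buffer. `BitWriter`, `writer_init`, `bits_as_int32`, `bytes_to_bits_checked` and the 2^28-byte packet size are hypothetical names and values constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a bit writer; not FFmpeg's PutBitContext. */
typedef struct {
    uint8_t *buf;
    int size_bytes;
} BitWriter;

/* Value a 32-bit int ends up holding after bytes * 8. Computed in 64 bits
 * so the demonstration itself contains no signed overflow. */
static int64_t bits_as_int32(int bytes)
{
    uint32_t low = (uint32_t)((int64_t)bytes * 8);
    return low >= 0x80000000u ? (int64_t)low - 4294967296LL : (int64_t)low;
}

/* Assumed model of the behaviour reported in the thread: a negative size
 * is rejected, leaving the writer with no usable buffer. */
static void writer_init(BitWriter *w, uint8_t *buf, int size)
{
    if (size < 0) { buf = NULL; size = 0; }
    w->buf = buf;
    w->size_bytes = size;
}

/* Checked conversion for a caller that really needs a bit count. */
static int bytes_to_bits_checked(int bytes, int *bits_out)
{
    if (bytes < 0 || bytes > INT_MAX / 8)
        return -1;              /* would not fit in int */
    *bits_out = bytes * 8;
    return 0;
}

int main(void)
{
    static uint8_t dummy[16];   /* never written; only the size matters */
    int claimed = 256 * 1024 * 1024; /* constructed packet size: 2^28 bytes */
    BitWriter bad, good;

    writer_init(&bad, dummy, (int)bits_as_int32(claimed)); /* size * 8 */
    writer_init(&good, dummy, claimed);                    /* size in bytes */
    printf("size*8 as int: %lld, buf=%p\n",
           (long long)bits_as_int32(claimed), (void *)bad.buf);
    printf("size in bytes: %d, buf=%p\n", good.size_bytes, (void *)good.buf);
    return 0;
}
```

Any caller that still needs a bit count can go through a checked conversion such as `bytes_to_bits_checked` and treat a failure as an encoding error instead of passing the wrapped value on.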