[FFmpeg-devel] [PATCH] avcodec/utils: do_decode: Assert that the decoder return value is not larger than the packet size
Michael Niedermayer
michael at niedermayer.cc
Fri Apr 22 11:59:14 CEST 2016
On Fri, Apr 22, 2016 at 09:11:52AM +0200, wm4 wrote:
> On Fri, 22 Apr 2016 05:14:30 +0200
> Michael Niedermayer <michael at niedermayer.cc> wrote:
>
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavcodec/utils.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> > index 52e0d92..b35fabc 100644
> > --- a/libavcodec/utils.c
> > +++ b/libavcodec/utils.c
> > @@ -2738,6 +2738,7 @@ static int do_decode(AVCodecContext *avctx, AVPacket *pkt)
> > avctx->internal->draining_done = 1;
> >
> > if (ret >= pkt->size) {
> > + av_assert0(ret == pkt->size);
> > av_packet_unref(avctx->internal->buffer_pkt);
> > } else {
> > int consumed = ret;
>
> Basically all code using the "old" API expects that the decoder can
> read beyond the buffer (making use of input padding I suppose). So I
> think this is expected.
iam not aware of any decoder that would return such a overread size
also to double check this yesterday i tested this with a bunch of
fuzzed files before posting the patch and failed to find anything that
triggers the assert
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160422/025bb71d/attachment.sig>
More information about the ffmpeg-devel
mailing list