[FFmpeg-devel] [PATCH] ffmdec: sanitize codec parameters

James Almer jamrial at gmail.com
Mon Nov 21 15:42:51 EET 2016


On 11/21/2016 4:21 AM, Rostislav Pehlivanov wrote:
> On 17 November 2016 at 00:08, Andreas Cadhalpun <
> andreas.cadhalpun at googlemail.com> wrote:
> 
>> All the fields can be set via options read from the ffm file and thus
>> have to be sanitized.
>>
>> A negative extradata size for example gets passed to memcpy in
>> avcodec_parameters_from_context causing a segmentation fault.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>
>>
> The ffm demuxer and ffserver will be removed before the next release (no
> getting out of this, Reynaldo),
> so it'll be pointless but whatever.

ffm de/muxers can't be removed until there's a major bump. So while
ffserver will be removed in the next version, ffm will depend on what 
happens with the libraries.



More information about the ffmpeg-devel mailing list