[FFmpeg-devel] [PATCH]lavc/pnmdec: Do not fail by default for truncated pbm files
Paul B Mahol
onemda at gmail.com
Mon Sep 5 11:26:46 EEST 2016
On 9/5/16, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
> 2016-09-05 9:21 GMT+02:00 Michael Niedermayer <michael at niedermayer.cc>:
>> On Sun, Sep 04, 2016 at 08:58:44PM +0200, Carl Eugen Hoyos wrote:
>
>>> @@ -159,6 +163,8 @@ static int pnm_decode_frame(AVCodecContext *avctx,
>>> void *data,
>>> }
>>> }else{
>>> for (i = 0; i < avctx->height; i++) {
>>> + if (s->bytestream + n > s->bytestream_end)
>>> + continue;
>>
>> having a pointer point outside of 0..array length is undefined
>> behaviour (and can overflow in principle)
>
>
> New patch attached.
It seems this patch disables check for all cases when experimental is enabled,
but check for overflow in only one case.
More information about the ffmpeg-devel
mailing list