[FFmpeg-devel] [PATCH] dvenc: Prevent out-of-bounds read

Derek Buitenhuis derek.buitenhuis at gmail.com
Fri Nov 17 19:05:33 EET 2017


On 11/17/2017 4:42 PM, Martin Vignali wrote:
> doesn't know the dvenc code,
> but you seems to test the assert of the next line
> 
> Maybe move the assert (a2 < 4); before the for loop, if it's a theorical
> case,
> or remove it if this case can really happen.

I don't see anything that would prevent it from happening, but the code
is also about as clear as mud.

In general, I think I prefer a real check to an assert, unless someone
can explain why it *wouldn't* happen.

After git blame-ing my way through roughly 166393765431 "K&R formatting"
and "refactor" commits, the original code comes from the ancient commit of 
d2d230a7569154306a1625ca37dbfa4c36627ec6 which provides no info whatsoever
on why it is correct at all.

CCing Michael, as he authored that commit - maybe he can provide insight.

- Derek


More information about the ffmpeg-devel mailing list