[FFmpeg-devel] [PATCH v2] avformat/dashdec: fix memleak for commit commit e134c203

Steven Liu lq at chinaffmpeg.org
Fri Mar 20 14:35:07 EET 2020



> On Mar 20, 2020, at 8:25 PM, Nicolas George <george at nsup.org> wrote:
> 
>> The end can be null; there can only be maxFrameRate=25 or maxFrameRate=60/2.
> 
> It is a value from the outside, you can't trust it on pain of security
> exploit.
Yes, av_strtok gets the first part and the other part,
and strtol is used to convert the first part to long; it checks the string range and gets the end point (the non-number part).
The end is the same as the first part.
I am not sure whether I misunderstand the usage; I think I need one example of the security exploit.
> 
>> Just tell the user this value is incorrect in the mpd; the result may not accord with the expected result.
>> The user should check that the mpd file content is correct.
> 
> Which user knows about the mpd?
I think you are right, let me think about how to do it.

Thanks

Steven Liu
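
An added example, not part of the original message and not FFmpeg's code: one way to validate an untrusted "N" or "N/D" frame-rate attribute using strtol and its end pointer, as discussed above. The function names are hypothetical, standard C is used instead of av_strtok, and rejecting zero or negative rates is an assumption of this sketch.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not an FFmpeg function): parse one decimal field and
 * require that the digits span exactly [s, stop). Returns 0 on success. */
static int parse_field(const char *s, const char *stop, int *out)
{
    char *end;
    long v;

    if (s == stop || *s < '0' || *s > '9')  /* empty field, sign, whitespace */
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || v > INT_MAX)     /* value does not fit in an int */
        return -1;
    if (end != stop)                        /* trailing junk, e.g. "25abc" */
        return -1;
    *out = (int)v;
    return 0;
}

/* Parse "N" or "N/D" from an attribute value that comes from outside.
 * Returns 0 and fills num/den, or -1 if the value is malformed. */
int parse_frame_rate(const char *value, int *num, int *den)
{
    const char *slash, *end;

    if (!value)
        return -1;
    end   = value + strlen(value);
    slash = strchr(value, '/');
    *den  = 1;                              /* "25" means 25/1 */
    if (parse_field(value, slash ? slash : end, num) < 0)
        return -1;
    if (slash && parse_field(slash + 1, end, den) < 0)
        return -1;                          /* covers "60/" and "60/2/3" */
    if (*num <= 0 || *den <= 0)             /* avoids a later division by zero */
        return -1;
    return 0;
}
```

On failure the caller can report the attribute as invalid and fall back to a default instead of using a partially parsed value.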


