[FFmpeg-soc] BFI Decoder
Sisir Koppaka
sisir.koppaka at gmail.com
Wed Apr 16 23:11:15 CEST 2008
On Thu, Apr 17, 2008 at 2:31 AM, Michael Niedermayer <michaelni at gmx.at>
wrote:
> [...]
> >     while (dst != frame_end) {
> >         byte = *buf++;
> >         code = byte >> 6;
> >         length = byte & ~0xC0;
> >         switch (code) {
> >         case 0: //Normal Chain
> >             if (length == 0) {
> >                 length = bytestream_get_le16(&buf);
> >             }
> >             bytestream_get_buffer(&buf, dst, length);
>
> exploitable
>
Do you mean like if somebody changes the dst pointer to point to some other
stuff? I can think of alternatives like reading byte-by-byte, using similar
functions, but in all of them, the dst pointer could be changed...if that's
the exploitable code here. If I'm wrong, can you please explain?
-----------------
Sisir Koppaka
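
Added example, not part of the original message or of FFmpeg's code: in the quoted lines `length` is read from the stream and handed to `bytestream_get_buffer` with no comparison against the space left before `frame_end` or the bytes left in the input. The C sketch below decodes the same code-0 chain with both checks in place. The function name, return codes and sample bytes are assumptions, and the opcodes not shown in the quote are rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example; names and return codes are hypothetical. Only the code-0
 * "normal chain" quoted above is decoded, other codes are rejected. */
enum { CHAIN_OK = 0, CHAIN_TRUNCATED = -1, CHAIN_OVERFLOW = -2, CHAIN_UNSUPPORTED = -3 };

int decode_normal_chains(const uint8_t *buf, size_t buf_size,
                         uint8_t *dst, size_t dst_size)
{
    const uint8_t *buf_end = buf + buf_size;
    uint8_t *frame_end = dst + dst_size;

    while (dst < frame_end) {           /* '<' so dst can never skip past the end */
        unsigned byte, code, length;
        if (buf >= buf_end)
            return CHAIN_TRUNCATED;
        byte   = *buf++;
        code   = byte >> 6;
        length = byte & 0x3F;           /* same bits as byte & ~0xC0 */
        if (code != 0)
            return CHAIN_UNSUPPORTED;
        if (length == 0) {              /* 16-bit little-endian length follows */
            if (buf_end - buf < 2)
                return CHAIN_TRUNCATED;
            length = buf[0] | ((unsigned)buf[1] << 8);
            buf += 2;
        }
        /* length is read from the file: check it against input and output */
        if (length > (size_t)(buf_end - buf))
            return CHAIN_TRUNCATED;
        if (length > (size_t)(frame_end - dst))
            return CHAIN_OVERFLOW;
        memcpy(dst, buf, length);
        buf += length;
        dst += length;
    }
    return CHAIN_OK;
}

int main(void)
{
    /* Constructed input: claims 63 bytes but carries one. */
    static const uint8_t sample[] = { 0x3F, 'A' };
    uint8_t frame[4];
    return decode_normal_chains(sample, sizeof sample, frame, sizeof frame)
           == CHAIN_TRUNCATED ? 0 : 1;
}
```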