[FFmpeg-soc] [soc]: r5646 - mms/mmst.c
Ronald S. Bultje
rsbultje at gmail.com
Wed Mar 10 18:00:39 CET 2010
Hi Zhentan,
On Wed, Mar 10, 2010 at 10:42 AM, spyfeng <subversion at mplayerhq.hu> wrote:
> + /* read packet size */
> + if (end - p > sizeof(ff_asf_guid) * 2 + 64) {
> + mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
> + return 0;
> + }
I actually made a mistake here, this is a potential buffer overread.
The top line should be:
[..]
if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
[..]
Ronald
More information about the FFmpeg-soc
mailing list