[FFmpeg-devel] [PATCH] IVF demuxer
David Conrad
lessen42
Sat May 22 00:10:28 CEST 2010
On May 21, 2010, at 1:23 AM, Reimar Döffinger wrote:
> On Thu, May 20, 2010 at 09:26:23PM -0400, David Conrad wrote:
>> + int ret, size = get_le32(s->pb);
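Review bot: size is declared as a signed int but is initialised directly from get_le32(s->pb), so any stored length above INT_MAX is already outside the range of int before it is used. Read the field into an unsigned variable and reject out-of-range lengths in the demuxer itself, instead of depending on a check inside the function that later receives size.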
>
> Forgot: reading a 32 bit value into a signed int and using it
> in av_get_packet without range check seems like a really bad idea to me.
av_get_packet has if((unsigned)size < (unsigned)size + FF_INPUT_BUFFER_PADDING_SIZE)
which should check for it (though iirc there were some questions about whether it relied on undefined overflow behaviour?)
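The comparison quoted in the reply above, evaluated over constructed sample sizes, as an added example that is not part of the original post or of FFmpeg's code: it shows that the unsigned addition wraps with defined behaviour and which values this one comparison rejects. The padding value 8 and the helper names are assumptions, and the rest of av_get_packet is not shown on this page.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value for illustration; the real constant is defined by libavcodec. */
#define PADDING 8u

/* The comparison quoted above, in isolation. Both operands are unsigned, so
 * size + PADDING wraps modulo 2^32, which is defined behaviour in C (signed
 * overflow would not be). Returns 1 when the padded size does not wrap. */
static int padded_size_does_not_wrap(int size)
{
    return (unsigned)size < (unsigned)size + PADDING;
}

/* Hypothetical caller-side check on the raw 32-bit field: accept only values
 * that fit in a non-negative int and still leave room for the padding. */
static int size_in_range(uint32_t raw)
{
    return raw <= (uint32_t)INT_MAX - PADDING;
}

int main(void)
{
    /* Constructed sample values for a 32-bit size field. */
    const uint32_t samples[] = {
        0u, 4096u, 0x7FFFFFF7u, 0x80000000u,
        0xFFFFFFF7u, 0xFFFFFFF8u, 0xFFFFFFFFu
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        /* Conversion of values above INT_MAX is implementation-defined;
         * it wraps to a negative int on two's-complement targets. */
        int size = (int)samples[i];
        printf("0x%08x as int %11d: no-wrap check %d, range check %d\n",
               (unsigned)samples[i], size,
               padded_size_does_not_wrap(size), size_in_range(samples[i]));
    }
    return 0;
}
```

With 32-bit unsigned, the comparison alone rejects only the last 8 values before wraparound (int -8 through -1); the range check rejects everything above INT_MAX - 8.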