[FFmpeg-devel] [PATCH 0/2] Origin Wing Commander IV video decoder
Kostya
kostya.shishkov
Sun Feb 6 11:19:53 CET 2011
On Sat, Feb 05, 2011 at 11:03:38PM -0500, Ronald S. Bultje wrote:
> Hi,
>
> On Fri, Feb 4, 2011 at 5:47 PM, Kostya <kostya.shishkov at gmail.com> wrote:
> > +static int xan_decode_chroma(AVCodecContext *avctx, AVPacket *avpkt)
> [..]
> > + src = avpkt->data + 4 + chroma_off;
> > + table = src + 2;
> > + mode = bytestream_get_le16(&src);
> > + offset = bytestream_get_le16(&src) * 2;
> > +
> > + if (src + offset >= avpkt->data + avpkt->size) {
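Review bot: the bounds test on the last line, `if (src + offset >= avpkt->data + avpkt->size)`, forms the pointer `src + offset` before anything shown here establishes that it lies inside the packet. `offset` is a 16-bit field doubled, so the sum can point far past the end of the buffer, and C leaves that pointer arithmetic undefined whether or not the address wraps. Comparing lengths avoids forming the pointer at all, e.g. `offset >= avpkt->size - (src - avpkt->data)`. Separately, the two `bytestream_get_le16(&src)` reads run before any check visible in these lines that 4 bytes remain at `avpkt->data + 4 + chroma_off`; please confirm that the earlier check on `chroma_off` (elided here) covers those reads as well.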
>
> This can still overflow, instead use src - avpkt->data >= avpkt->size
> - offset. Rest looks OK.
Chroma offset is checked earlier so the only way for it to overflow is when
data_size ~= 2^32 - 2^17 (offset is 16 bit shifted by one).
> Ronald
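The two forms of the bounds check discussed in this thread, as an added example that is not code from the patch or from FFmpeg. Addresses are modelled as 32-bit integers so that the wrap-around is well defined and observable; the function names, the buffer address and the sizes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Pointer-sum form from the quoted hunk, modelled on 32-bit integer
 * addresses (assumption: 32-bit address space).
 * data   = address of avpkt->data (constructed value)
 * pos    = distance of src from avpkt->data after the two 16-bit reads
 * Returns 1 when the check rejects the packet. */
static int sum_form_rejects(uint32_t data, uint32_t size,
                            uint32_t pos, uint32_t offset)
{
    uint32_t src = data + pos;
    uint32_t end = data + size;               /* avpkt->data + avpkt->size */
    return (uint32_t)(src + offset) >= end;   /* src + offset may wrap to a low address */
}

/* Difference form suggested in the reply: compare distances inside the
 * packet, so no address past the end of the buffer is ever formed.
 * size - offset may go negative, which makes the test reject. */
static int diff_form_rejects(int size, int pos, int offset)
{
    return pos >= size - offset;              /* src - data >= size - offset */
}

int main(void)
{
    /* Constructed case: 4 KiB packet placed near the top of the address
     * space, offset field at its maximum (0xFFFF * 2). */
    uint32_t data = 0xFFFE0100u, size = 0x1000u, pos = 0x20u;
    uint32_t offset = 0xFFFFu * 2;

    printf("wrap case:   sum form rejects=%d, diff form rejects=%d\n",
           sum_form_rejects(data, size, pos, offset),
           diff_form_rejects((int)size, (int)pos, (int)offset));

    /* Constructed case: same packet at an ordinary address, small offset. */
    printf("normal case: sum form rejects=%d, diff form rejects=%d\n",
           sum_form_rejects(0x10000000u, size, pos, 100u),
           diff_form_rejects((int)size, (int)pos, 100));
    return 0;
}
```

In the wrap case the sum lands at a low address, compares below the end of the buffer and the packet is accepted, while the difference form rejects it.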