[Ffmpeg-devel] [PATCH] THP PCM decoder (GSoC Qualification)

Michael Niedermayer michaelni
Fri Apr 6 12:10:44 CEST 2007


Hi

On Fri, Apr 06, 2007 at 11:30:07AM +0200, Marco Gerards wrote:
> Michael Niedermayer <michaelni at gmx.at> writes:
> 
> Hi,
> 
> >> Or what are the bugs you mean?
> >
> > buffer overflow / segfault / exploit / ...
> 
> Oh, I multiplied with st, but I should have multiplied with (st + 1).

yes


> I have included a new patch.  If there are still bugs on this single
> line, I either don't understand what you mean or I just don't see it
> because I am misunderstanding something.
> 
> What I currently have is:
> +        if (samples + samplecnt * (st + 1) >= samples_end) {
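
Review bot: the check on the + line builds the pointer samples + samplecnt * (st + 1) before comparing it, so if samplecnt is large enough the multiplication or the pointer addition can wrap (forming a pointer beyond the end of the buffer is undefined in C), the result compares below samples_end, and the test passes. Compare against the remaining space instead of forming the pointer, for example samplecnt > (samples_end - samples) / (st + 1), and reject a negative samplecnt first if its type is signed. Separately, if samples_end is one past the last element, as the reading quoted further down suggests, >= also rejects a write that ends exactly at samples_end.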

that contains one bug and a fairly serious one, it still doesn't
catch all buffer overflow cases


> 
> I read this as: if (address_of_last_sample >= last_address_of_buffer_plus_one) {

this line is equivalent to the one above so it also contains the bug

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato 