[Ffmpeg-devel] [PATCH] THP PCM decoder (GSoC Qualification)

Rich Felker dalias
Fri Apr 6 17:05:57 CEST 2007


On Fri, Apr 06, 2007 at 11:30:07AM +0200, Marco Gerards wrote:
> Michael Niedermayer <michaelni at gmx.at> writes:
> 
> Hi,
> 
> >> Or what are the bugs you mean?
> >
> > buffer overflow / segfault / exploit / ...
> 
> Oh, I multiplied with st, but I should have multiplied with (st + 1).
> I have included a new patch.  If there are still bugs on this single
> line, I either don't understand what you mean or I just don't see it
> because I am misunderstanding something.
> 
> What I currently have is:
> +        if (samples + samplecnt * (st + 1) >= samples_end) {

samples + samplecnt * (st + 1) might be a very small pointer, unless
you have some control on the magnitude of samplecnt and st. A safe
formulation would be something like:

if (samplecnt >= (samples_end - samples) / (st + 1))

or similar. (Disclaimer: I have not looked at the rest of the code so
I don't know if this is right. I was just applying a standard
correction procedure.)

> I read this as: if (address_of_last_sample >= last_address_of_buffer_plus_one) {

This is also incorrect.

Rich
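As an added C example (not code from the thread, nor from FFmpeg), the two checks side by side: a model of the naive pointer comparison, with unsigned address arithmetic standing in for pointers so that the wrap-around Rich warns about is observable, and the length-based formulation he suggests. It assumes that samples points at int16_t PCM, that samplecnt counts sample frames and that st + 1 is the channel count; the function names, the demo buffer and the addresses used in main are constructed for the demonstration. The safe check is written so that a write which exactly fills the buffer is accepted; the thread's `>=` additionally rejects an exact fit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the unsafe check from the quoted patch line, computed on
 * uintptr_t so the wrap-around is well-defined and visible. On a real
 * pointer the same computation is undefined behaviour: the compiler may
 * assume it never wraps and drop the comparison entirely. Returns true
 * when the check would let the write proceed. */
static bool naive_check_passes(uintptr_t samples, uintptr_t samples_end,
                               uintptr_t samplecnt, uintptr_t st)
{
    uintptr_t last = samples + samplecnt * (st + 1); /* may wrap to a small value */
    return !(last >= samples_end);
}

/* Length-based formulation from the thread: compare the requested count
 * against the room that remains, so no address beyond the buffer is ever
 * formed. The division cannot overflow and rounds down, so
 * "samplecnt <= room" is exact. Assumes samples is int16_t PCM, samplecnt
 * counts frames and st + 1 is the channel count (assumptions, not taken
 * from the decoder). Returns true when the write fits in [samples, samples_end). */
static bool thp_write_fits(const int16_t *samples, const int16_t *samples_end,
                           uint32_t samplecnt, uint32_t st)
{
    if (samples_end < samples)                      /* corrupt state: nothing fits */
        return false;
    uint64_t remaining = (uint64_t)(samples_end - samples); /* in int16_t units */
    uint64_t room = remaining / ((uint64_t)st + 1);         /* whole frames left */
    return samplecnt <= room;
}

/* Constructed 16-sample output buffer used by the demonstration. */
static int16_t demo_buf[16];

int main(void)
{
    const int16_t *end = demo_buf + 16;
    printf("8 stereo frames into 16 samples: %s\n",
           thp_write_fits(demo_buf, end, 8, 1) ? "fits" : "rejected");
    printf("9 stereo frames into 16 samples: %s\n",
           thp_write_fits(demo_buf, end, 9, 1) ? "fits" : "rejected");

    /* Constructed addresses near the top of the address space with 80 bytes
     * of room: the product samplecnt * (st + 1) wraps to 0, so the naive
     * check compares samples against samples_end and wrongly passes. */
    uintptr_t s = UINTPTR_MAX - 100, e = UINTPTR_MAX - 20;
    printf("naive check with huge samplecnt: %s\n",
           naive_check_passes(s, e, UINTPTR_MAX / 2 + 1, 1) ? "passes (wrong)" : "rejected");
    return 0;
}
```

Running it prints that 8 stereo frames fit and 9 are rejected, while the naive model lets the wrapped request through; the safe check never forms the out-of-range address in the first place, which is the property a bounds check in a demuxer or decoder fed with untrusted headers needs.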
