[FFmpeg-devel] [PATCH] asf*.c/h: use AVFormatContext->packet_size instead of own copy

Michael Niedermayer michaelni
Wed Apr 22 16:02:14 CEST 2009


On Wed, Apr 22, 2009 at 09:20:15AM -0400, Ronald S. Bultje wrote:
> Hi,
> 
> On Wed, Apr 22, 2009 at 9:07 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> > your patch probably introduces sec holes or at least bugs due to
> > signedness change.
> 
> Indeed possible sechole, attached is a minimal change to fix that
> (asfenc.c is unaffected because it always sets it to 3200)...

changing the packet_size to signed is rejected
i will not spend my time reviewing the security implications of this
obviously sematically incorrect change

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090422/b2580475/attachment.pgp>



More information about the ffmpeg-devel mailing list