[FFmpeg-devel] [PATCH] OpenEXR decoder rev-7

[Jimmy Christensen]

On 2009-07-03 11:09, Jimmy Christensen wrote:
> On 2009-07-03 11:04, Jimmy Christensen wrote:
>>
>> Have updated a lot of things and restructured the code a bit.
>>
>> Still using the reference 32-bit float converter as I couldn't figure
>> out how to make a function like Reimar's, work for 32-bit float.
>>
>> Reimar, perhaps you could help me out? :)
>>
>>>
>>>> + strcpy(variable_buffer_name, buf);
>>>> + buf += strlen(variable_buffer_name)+1;
>>>> + strcpy(variable_buffer_type, buf);
>>>> + buf += strlen(variable_buffer_type)+1;
>>>
>>> One possible buffer overflow after the other.
>>> Apart from that, I don't see the point why you make those copies,
>>> variable_buffer_type is not used at all, and variable_buffer_name can
>>> be compared in-place.
>>
>> Not sure how to do this otherwise. The variable_buffer_name is always of
>> different size and only uses 0x0 as a delimiter. Keeping the
>> variable_buffer_type is to be able to use it for later in the
>> interpretation of the different variables. And it also serves for the
>> purpose of knowing how many bytes to skip to get to the actual data.
>>
>> Everything else should hopefully be fixed.
>
> Just realized out that the 32-bit path will not work on big endian
> systems. This patch should fix it.

Reworked the header parser to hopefully be more secure.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenEXR-rev7.diff
Type: text/x-patch
Size: 17141 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090705/e4211994/attachment.bin>