[FFmpeg-devel] [PATCH] RTSP-MS 14/15: ASF packet parsing
Ronald S. Bultje
Fri Jul 24 22:39:30 CEST 2009
On Mon, Jul 20, 2009 at 6:16 PM, Ronald S. Bultje<rsbultje at gmail.com> wrote:
> On Mon, Jul 20, 2009 at 6:14 PM, Michael Niedermayer<michaelni at gmx.at> wrote:
>> the updated p can have any value the attacker chooses if he can make
>> len have any value and i think he can but maybe i miss something ...
> Ah, integer overflows, of course. Will fix.
See attached, I added a if (end < p) return; at the top, that ensures
that any access to p is within range and doesn't overflow.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 9065 bytes
Desc: not available
More information about the ffmpeg-devel