[FFmpeg-devel] [PATCH] prevent buffer overflow with large a/mulaw frames

Baptiste Coudurier baptiste.coudurier
Sun Jul 26 06:42:52 CEST 2009


Hi Peter,

On 07/25/2009 09:19 PM, Peter Ross wrote:
> Hi,
>
> This patch prevents alaw/mulaw decoders from writing beyond the output buffer.
>
> Note that this prevents the segfault reported by 1174, *but* it doesn't
> fix the underlying problem (which appears to be a bug in our avi demuxer;
> the MPlayer demuxer has no problems with this file).
>
> More info: http://roundup.ffmpeg.org/roundup/ffmpeg/issue1174
>
> -- Peter
> (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
>
>
> ------------------------------------------------------------------------
>
> Index: libavcodec/pcm.c
> ===================================================================
> --- libavcodec/pcm.c	(revision 19454)
> +++ libavcodec/pcm.c	(working copy)
> @@ -468,6 +468,7 @@
>           break;
>       case CODEC_ID_PCM_ALAW:
>       case CODEC_ID_PCM_MULAW:
> +        n = FFMIN(n, AVCODEC_MAX_AUDIO_FRAME_SIZE>>  1);
>           for(;n>0;n--) {
>               *samples++ = s->table[*src++];
>           }
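
Review bot: the limit on the added line, n = FFMIN(n, AVCODEC_MAX_AUDIO_FRAME_SIZE>> 1), is a compile-time constant rather than the size of the output buffer this call was actually given, so the loop stays in bounds only when the caller's buffer is at least that large. Consider bounding n by the caller-supplied output size instead, and add a comment saying why the constant is halved. The clamp also drops the rest of the frame silently; a log message when n is reduced would make the truncation, and the demuxer problem behind it, visible.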

I think output buffer size is stored in *data_size.
Code should check against this, but it seems it is already. Is the check
wrong?

Code is:
     buf_size= FFMIN(buf_size, *data_size/2);
     *data_size=0;

     n = buf_size/sample_size;

-- 
Baptiste COUDURIER                              GnuPG Key Id: 0x5C1ABAAA
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
FFmpeg maintainer                                  http://www.ffmpeg.org
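
The bound discussed in the reply above, worked through in isolation as an added example (not FFmpeg's code and not written by either poster): a mu-law decoder that clamps the sample count against the output capacity the caller passes in bytes. The names decode_mulaw and mulaw_to_linear and the input bytes are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Expand one G.711 mu-law byte to a 16-bit linear sample. */
static int16_t mulaw_to_linear(uint8_t u)
{
    int t;
    u = (uint8_t)~u;                  /* mu-law bytes are stored inverted */
    t = ((u & 0x0F) << 3) + 0x84;     /* mantissa plus bias */
    t <<= (u & 0x70) >> 4;            /* apply the 3-bit exponent */
    return (int16_t)((u & 0x80) ? (0x84 - t) : (t - 0x84));
}

/* Hypothetical helper: decode src_len mu-law bytes into dst, which holds
 * dst_size_bytes bytes. Each input byte expands to two output bytes, so the
 * sample count is clamped to the number of whole samples that fit.
 * Returns the number of bytes written to dst. */
static size_t decode_mulaw(const uint8_t *src, size_t src_len,
                           int16_t *dst, size_t dst_size_bytes)
{
    size_t n = src_len;                             /* one sample per input byte */
    size_t cap = dst_size_bytes / sizeof(int16_t);  /* whole samples that fit */
    size_t i;

    if (n > cap)
        n = cap;                                    /* oversized frame: truncate */
    for (i = 0; i < n; i++)
        dst[i] = mulaw_to_linear(src[i]);
    return n * sizeof(int16_t);
}

int main(void)
{
    /* Constructed input: 10 mu-law bytes, output room for only 4 samples. */
    const uint8_t in[10] = { 0x00, 0x80, 0xFF, 0xFF, 0, 0, 0, 0, 0, 0 };
    int16_t out[5] = { 0, 0, 0, 0, 0x5A5A };        /* out[4] is a guard value */
    size_t written = decode_mulaw(in, sizeof in, out, 4 * sizeof(int16_t));

    printf("wrote %zu bytes, guard %s\n", written,
           out[4] == 0x5A5A ? "intact" : "overwritten");
    return 0;
}
```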


