[FFmpeg-devel] More ALS buffer overflows
Fri Feb 19 03:33:59 CET 2010
Reimar D?ffinger <Reimar.Doeffinger at gmx.de> writes:
> That patch is not at all a solution for this issue, at best it will hide it,
> while leaving the possibly exploitable code in.
> The issue here is that the following code snipped has either wrong or missing
> boundary checks:
> current_res = bd->raw_samples + start;
> for (sb = 0; sb < sub_blocks; sb++, start = 0)
> for (; start < sb_length; start++)
> *current_res++ = decode_rice(gb, s[sb]);
The patch fixes a real bug regardless of range checks.
mans at mansr.com
More information about the ffmpeg-devel