[FFmpeg-devel] More ALS buffer overflows

Måns Rullgård mans
Fri Feb 19 03:33:59 CET 2010

Reimar D?ffinger <Reimar.Doeffinger at gmx.de> writes:

> That patch is not at all a solution for this issue, at best it will hide it,
> while leaving the possibly exploitable code in.
> The issue here is that the following code snipped has either wrong or missing
> boundary checks:
>         current_res = bd->raw_samples + start;
>         for (sb = 0; sb < sub_blocks; sb++, start = 0)
>             for (; start < sb_length; start++)
>                 *current_res++ = decode_rice(gb, s[sb]);

The patch fixes a real bug regardless of range checks.

M?ns Rullg?rd
mans at mansr.com

More information about the ffmpeg-devel mailing list