[FFmpeg-devel] [PATCH] mp4toannexb modification / improvement
Michael Niedermayer
michaelni
Tue Jun 8 20:52:07 CEST 2010
On Tue, Jun 08, 2010 at 08:42:04PM +0200, Luca Abeni wrote:
> Hi Michael,
>
> On 08/06/10 20:21, Michael Niedermayer wrote:
> [...]
>>> codec->bit_rate = icodec->bit_rate;
>>> - codec->extradata= icodec->extradata;
>>> + codec->extradata= av_mallocz(icodec->extradata_size +
>>> FF_INPUT_BUFFER_PADDING_SIZE);
>>> + if (!codec->extradata)
>>> + goto fail;
>>> + memcpy(codec->extradata, icodec->extradata,
>>> icodec->extradata_size);
>>
>> while it is quite obscure but the + could overflow and lead to a
>> successfull allocation of a too small buffer
>
> Thanks for pointing this out... Would something like
> uint64_t extra_size = (uint64_t)icodec->extradata_size +
> FF_INPUT_BUFFER_PADDING_SIZE;
> if (extra_size > INT_MAX)
> goto fail;
> be enough to fix the problem?
yes
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you dont want and which you would get tomorrow for free anyway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100608/9f7a9aca/attachment.pgp>
More information about the ffmpeg-devel
mailing list