[FFmpeg-devel] [RFC] Avoid av_read_frame memory copy in implementation

Ronald S. Bultje rsbultje
Fri May 28 16:46:32 CEST 2010


On Fri, May 28, 2010 at 10:46 AM, Cyril Russo
<stage.nexvision at laposte.net> wrote:
> Ok, so I don't understand the code at all.
> I've stopped on this code in av_dup_packet which is too mentally disturbing
> to understand:
> if((unsigned)pkt->size > (unsigned)pkt->size + FF_INPUT_BUFFER_PADDING_SIZE)
> ? ?return AVERROR(ENOMEM);

Calm down dude. :-). The code is a safety mechanism which prevents an
integer overflow for very large values of pkt->size. It is very
unlikely to happen for regular video/audio files, but more likely part
of specially crafted packets/files intended to crash/exploit FFmpeg.


More information about the ffmpeg-devel mailing list