[FFmpeg-devel] [PATCH] dvbsubdec: check against buffer overreads

Måns Rullgård mans
Thu Feb 10 21:08:50 CET 2011


Reimar D?ffinger <Reimar.Doeffinger at gmx.de> writes:

>> -    while (p < p_end && *p == 0x0f) {
>> +    while (p_end - p >= 6 && *p == 0x0f) {
>
> Just to be pedantic: while this is nicer, thanks to required padding
> your original version could not overflow, so wasn't actually wrong.

Why not?  It is certainly possible to place a buffer less than 6 bytes
from the end of the address space.  It doesn't usually happen on real
systems, but that's irrelevant.

-- 
M?ns Rullg?rd
mans at mansr.com



More information about the ffmpeg-devel mailing list