[FFmpeg-devel] [PATCH] Try to fix issue 1973

Jean-Daniel Dupas devlists
Fri Feb 18 19:02:35 CET 2011


On 18 Feb 2011, at 18:34, Reimar Döffinger wrote:

> On Fri, Feb 18, 2011 at 10:52:07AM +0100, Jean-Daniel Dupas wrote:
>> I would like to try to resubmit an old patch that tries to fix a buffer overrun in the targa decoder.
>> It was rejected long ago after endless discussion about white space and formatting.
>> 
>> I tried to fix all formatting issues, but if one remains, don't bother to tell me, I'm not going to lose more time with this.
>> If you still prefer to reject a security fix because of a spurious white space, this is your choice.
>> If there are technical issues though, I'll be glad to fix them.
> 
> I am sorry for your bad experience.
> I am afraid that I think there is a technical issue:
>> if(buf + needed > buf_end){
> buf + needed can overflow, thus incorrectly passing this check.
> The simple rule is to always put the thing to be validated
> on its own, i.e.
> if (needed > buf_end - buf)
> (note I still assume that needed cannot become negative).


Nice catch. I attach a version with the proposed change.


-- Jean-Daniel



-------------- next part --------------
A non-text attachment was scrubbed...
Name: targa.patch
Type: application/octet-stream
Size: 5393 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20110218/06e55e1d/attachment.obj>
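The overflow raised in the quoted review, as an added example that is not part of the original message or the attached patch. The function names and the sample addresses are hypothetical; the two check forms are modelled on integer addresses so the wraparound is observable without undefined pointer arithmetic, and `read_chunk` additionally rejects a negative `needed`, which the review assumes cannot occur.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Check form from the quoted patch line. Returns 1 if the read is
 * rejected, 0 if it is allowed. buf + needed can wrap past zero. */
static int rejects_sum_form(uintptr_t buf, uintptr_t buf_end, uintptr_t needed)
{
    return buf + needed > buf_end;
}

/* Check form proposed in the review: the untrusted value stands alone.
 * buf_end >= buf by construction, so the subtraction cannot wrap. */
static int rejects_diff_form(uintptr_t buf, uintptr_t buf_end, uintptr_t needed)
{
    return needed > buf_end - buf;
}

/* Hypothetical reader using the review's form on real pointers.
 * Returns the number of bytes copied, or -1 if the request is rejected. */
static int read_chunk(uint8_t *dst, const uint8_t *buf,
                      const uint8_t *buf_end, int needed)
{
    if (needed < 0 || needed > buf_end - buf)
        return -1;
    memcpy(dst, buf, (size_t)needed);
    return needed;
}

int main(void)
{
    /* Constructed values: a 16-byte buffer near the top of the address
     * space and a request for 0x200 bytes taken from untrusted input. */
    uintptr_t buf     = UINTPTR_MAX - 0xFF;
    uintptr_t buf_end = buf + 0x10;
    uintptr_t needed  = 0x200;

    /* The sum wraps to 0x100, which is below buf_end, so the first
     * form lets the oversized read through; the second rejects it. */
    int sum_ok  = rejects_sum_form(buf, buf_end, needed);
    int diff_ok = rejects_diff_form(buf, buf_end, needed);
    return (sum_ok == 0 && diff_ok == 1) ? 0 : 1;
}
```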


