[FFmpeg-devel] [PATCH] check for overflow in wmv decoding (roundup issue 1670)

Michael Niedermayer michaelni
Sun Jan 2 23:44:21 CET 2011


On Sun, Jan 02, 2011 at 05:35:17PM -0500, Daniel Kang wrote:
> On Sun, Jan 2, 2011 at 4:53 PM, Daniel Kang <daniel.d.kang at gmail.com> wrote:
> 
> >
> > As part of a Google Code-In task, I have written a patch to fix the bug
> > in roundup issue 1670. The issue occurs because there is a sanity check
> > on s->avctx->extradata_size, but not on s->avctx->extradata_size*8,
> > which overflows in some cases. My patch updates the sanity check.
> > Are there any comments?
> >
> I have been informed (thanks to uau) that a better way to solve this is
> the attached patch. Instead of checking for overflow, the init_get_bits
> only sets 32 bits, as the function reads 25 bits.

>  wmv2dec.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> fd8e6e9acd435359c31d7e8bd8eecebd4813e406  wmv_crash_fix.diff
> From bb0497cd800a25c41f274af4f12b1d002a97069a Mon Sep 17 00:00:00 2001
> From: Daniel Kang <daniel.d.kang at gmail.com>
> Date: Sun, 2 Jan 2011 17:27:57 -0500
> Subject: [PATCH] Better fix for overflow error

lgtm

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
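
The two fixes discussed in this thread, side by side, as an added C example that is not part of the thread or of FFmpeg's code: a byte count that passes a bytes-only sanity check can still wrap once it is multiplied by 8, and either a range check or a fixed 32-bit length avoids that. The function names are hypothetical and the 4-byte minimum is an assumption (32 bits = 4 bytes).

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define HEADER_BITS_INIT 32  /* fixed length from the second fix; 25 bits are read */
#define MIN_EXTRADATA    4   /* assumed lower bound: 32 bits = 4 bytes */

/* What a 32-bit int holds after size*8, computed in unsigned arithmetic so
 * the demonstration itself does not execute signed-overflow UB. */
static int32_t bits_wrapped(int32_t size_bytes) {
    return (int32_t)((uint32_t)size_bytes * 8u);
}

/* First approach from the thread: extend the sanity check to cover size*8.
 * Returns the bit count, or -1 if the size is too small or would overflow. */
static int bits_checked(int size_bytes) {
    if (size_bytes < MIN_EXTRADATA || size_bytes > INT_MAX / 8)
        return -1;
    return size_bytes * 8;
}

/* Second approach: never multiply. Once at least 4 bytes are present, a fixed
 * 32-bit window covers the 25 bits that are read, whatever the real size is. */
static int bits_fixed(int size_bytes) {
    if (size_bytes < MIN_EXTRADATA)
        return -1;
    return HEADER_BITS_INIT;
}

int main(void) {
    /* Constructed sizes: one normal, two that pass a bytes-only check but wrap. */
    const int32_t sizes[] = { 4, 0x10000000, 0x20000000 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("bytes=%-10d wrapped=%-11d checked=%-3d fixed=%d\n",
               (int)sizes[i], (int)bits_wrapped(sizes[i]),
               bits_checked(sizes[i]), bits_fixed(sizes[i]));
    return 0;
}
```

The wrapped column shows a negative bit count for 0x10000000 bytes and zero for 0x20000000 bytes, which is the value a bit reader would be initialised with if only the byte count were checked.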