[FFmpeg-devel] [PATCH 5/7] Check for out of bound reads in the flic decoder.

Laurent Aimar fenrir at elivagar.org
Wed Sep 28 01:10:53 CEST 2011


On Wed, Sep 28, 2011 at 12:48:41AM +0200, Michael Niedermayer wrote:
> On Tue, Sep 27, 2011 at 11:43:55PM +0200, fenrir at elivagar.org wrote:
> > From: Laurent Aimar <fenrir at videolan.org>
> 
> 
> [...]
> > @@ -218,6 +222,9 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
> >                  if (color_changes == 0)
> >                      color_changes = 256;
> >  
> > +                if (stream_ptr + color_changes * 3 > stream_ptr_after_chunk)
> > +                    break;
> > +
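Review bot: the new check `if (stream_ptr + color_changes * 3 > stream_ptr_after_chunk)` forms the sum before comparing, so for a stream_ptr close to INT_MAX the addition overflows (signed, hence undefined) before the comparison is made. Comparing the needed length against the bytes left in the chunk avoids the sum entirely: `if (color_changes * 3 > stream_ptr_after_chunk - stream_ptr) break;`, which is safe provided stream_ptr <= stream_ptr_after_chunk is established once when the chunk header is read. The other added bound checks in the patch should use the same subtraction form so the overflow reasoning does not have to be redone per site.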
> 
> the addition as well as others can overflow, not really a big issue,
> as it's near impossible to happen in practice so this could probably
> be applied as is if you prefer
 No, I prefer to get it right, it's easier to maintain I think.

 Mmh, it can only overflow if stream_ptr is above or equal to
INT_MAX - (3*256 + something_smaller_than_FF_INPUT_BUFFER_PADDING_SIZE) I
think. The other additions are all smaller than that.

 Also, there was an invalid test that I removed.

Patch attached.

-- 
fenrir

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Check-for-out-of-bound-reads-in-the-flic-decoder.patch
Type: text/x-diff
Size: 8235 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110928/b1d37d19/attachment.bin>
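The overflow case discussed in this reply, as an added example that is not part of the original thread or of FFmpeg's flicvideo.c: the quoted bound check rewritten in subtraction form, plus a probe showing for which stream_ptr values the naive sum would exceed INT_MAX. Function names and the sample offsets are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* The quoted hunk tests  stream_ptr + color_changes * 3 > stream_ptr_after_chunk.
 * That adds first, and a signed int sum above INT_MAX is undefined behaviour.
 * Below, the needed length is compared against the bytes left in the chunk
 * instead, which cannot overflow once stream_ptr <= stream_ptr_after_chunk
 * is known. */

/* Returns 1 if `needed` bytes fit between offsets pos and end of the same
 * buffer, 0 otherwise. Inconsistent or negative offsets are rejected. */
static int chunk_has_room(int pos, int end, int needed)
{
    if (pos < 0 || end < 0 || needed < 0 || pos > end)
        return 0;
    return needed <= end - pos;       /* end - pos >= 0, so no overflow */
}

/* Mirrors the palette-chunk logic of the hunk: a count field of 0 means
 * 256 entries, each entry is 3 bytes. Returns 1 if the entries lie inside
 * the chunk, 0 if the decoder should stop reading. */
static int flic_color_changes_fit(int stream_ptr, int stream_ptr_after_chunk,
                                  int color_changes)
{
    if (color_changes == 0)
        color_changes = 256;
    return chunk_has_room(stream_ptr, stream_ptr_after_chunk, color_changes * 3);
}

/* Reports whether the hunk's naive sum would exceed INT_MAX for these values,
 * i.e. the case raised in the thread where stream_ptr is at or above
 * INT_MAX - 3*256. Evaluated in long long so the probe itself is defined. */
static int naive_sum_overflows(int stream_ptr, int color_changes)
{
    if (color_changes == 0)
        color_changes = 256;
    return (long long)stream_ptr + (long long)color_changes * 3 > INT_MAX;
}

int main(void)
{
    /* constructed offsets: a 768-byte palette chunk starting at offset 100 */
    printf("256 colors in 768-byte chunk: %d\n", flic_color_changes_fit(100, 868, 0));
    printf("256 colors in 767-byte chunk: %d\n", flic_color_changes_fit(100, 867, 0));
    printf("naive sum overflows near INT_MAX: %d\n", naive_sum_overflows(INT_MAX - 10, 0));
    return 0;
}
```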

