[FFmpeg-devel] [PATCH] vp3: Fix out of bounds write.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Thu Apr 12 20:24:33 CEST 2012

On Thu, Apr 12, 2012 at 12:21:24PM +0200, Michael Niedermayer wrote:
> On Wed, Apr 11, 2012 at 06:09:51PM -0700, dalecurtis at chromium.org wrote:
> > From: Dale Curtis <dalecurtis at chromium.org>
> > 
> > On corrupt or malicious files, filter_limit can be >= 128 leading
> > to an out of bounds write.
> how can filter_limit become >= 128 ?

I see absolutely no way. But even if there was, its value should
be clamped (or even faster just & 127) but certainly not a condition
added inside the loop.

> if this can't be reproduced anymore, adding an av_assert0(<128)
> would make sense just to be sure.

That seems reasonable; after all, it is called at most once per frame,
so such a check wouldn't hurt.
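As an added illustration of the point made above (enforce the range of filter_limit once before the table is built, assert what the decoder logic guarantees, and keep any per-iteration branch out of the loop), here is constructed C that is not ffmpeg's vp3.c; the struct, function names and the simplified table shape are assumptions made for this example:

```c
#include <assert.h>

#define TABLE_RADIUS 127      /* usable indices are -127 .. 127 */
#define MAX_FILTER_LIMIT 127  /* a filter_limit >= 128 would index past the table */

/* Constructed loop-filter state, not ffmpeg's Vp3DecodeContext: a
 * symmetric table addressed as bounding_values[-127 .. 127] via a centre pointer. */
typedef struct {
    int bounding_values_array[2 * TABLE_RADIUS + 1];
} LoopFilter;

/* Enforce the range once, before the table is built: a single clamp here
 * (or "& 127") replaces a bounds test in every loop iteration. */
static int clamp_filter_limit(int filter_limit)
{
    if (filter_limit < 0)
        return 0;
    if (filter_limit > MAX_FILTER_LIMIT)
        return MAX_FILTER_LIMIT;
    return filter_limit;
}

/* Build the table: |v| < filter_limit passes through unchanged, then the
 * value falls off linearly to zero at 2*filter_limit (simplified shape). */
static void init_loop_filter(LoopFilter *lf, int filter_limit)
{
    int *bounding_values = lf->bounding_values_array + TABLE_RADIUS;
    int x;

    filter_limit = clamp_filter_limit(filter_limit);
    /* After the clamp an out-of-range value is a logic bug, not bad input,
     * so it is a hard assertion rather than a branch inside the loops. */
    assert(filter_limit < 128);

    for (x = 0; x <= TABLE_RADIUS; x++)
        bounding_values[-x] = bounding_values[x] = 0;
    for (x = 0; x < filter_limit; x++) {
        bounding_values[-x] = -x;
        bounding_values[x]  =  x;
    }
    for (x = filter_limit; x < 128 && x < filter_limit * 2; x++) {
        bounding_values[-x] = -(filter_limit * 2 - x);
        bounding_values[x]  =   filter_limit * 2 - x;
    }
}

/* Build a table for filter_limit and look up pixel difference d (-127 .. 127). */
static int bounded_for(int filter_limit, int d)
{
    LoopFilter lf;
    init_loop_filter(&lf, filter_limit);
    return lf.bounding_values_array[TABLE_RADIUS + d];
}
```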
