[FFmpeg-devel] [libav-devel] [PATCH] vp8: Fix off by one allocation leading to oob read/write.

Dale Curtis dalecurtis at chromium.org
Fri Apr 13 01:04:51 CEST 2012


After testing on several architectures and platforms, I can't reproduce
this issue on master anymore. Sorry for the false alarm, this patch can be
abandoned.

- dale

On Wed, Apr 11, 2012 at 7:31 PM, Dale Curtis <dalecurtis at chromium.org> wrote:

> Hurm, oddly I'm unable to reproduce the problem anymore. I'll dig on this
> more and update tomorrow.
>
> - dale
>
> On Wed, Apr 11, 2012 at 6:25 PM, Sean McGovern <gseanmcg at gmail.com> wrote:
>
>>
>>
>> On Wednesday, April 11, 2012, Jason Garrett-Glaser <jason at x264.com>
>> wrote:
>> > On Wed, Apr 11, 2012 at 6:14 PM,  <dalecurtis at chromium.org> wrote:
>> >> From: Dale Curtis <dalecurtis at chromium.org>
>> >>
>> >> It's possible this is due to an incorrect calculation elsewhere,
>> >> but my expertise ran out.
>> >
>> > How can this be right?  top_nnz is only accessed as top_nnz[mb_x], and
>> > mb_x must be < s->mb_width.
>>
>> Does this condition only happen on crafted files?
>>
>> -- Sean McG.

