[FFmpeg-devel] [PATCH 1/4] jvdec: stop reading partial palette

Michael Niedermayer michaelni at gmx.at
Tue Jul 3 14:16:48 CEST 2012


On Tue, Jul 03, 2012 at 12:00:31PM +0000, Paul B Mahol wrote:
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
>  libavcodec/jvdec.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
> index 728b749..27298e3 100644
> --- a/libavcodec/jvdec.c
> +++ b/libavcodec/jvdec.c
> @@ -174,8 +174,8 @@ static int decode_frame(AVCodecContext *avctx,
>          }
>      }
>  
> -    if (buf < buf_end) {
> -        for (i = 0; i < AVPALETTE_COUNT && buf + 3 <= buf_end; i++) {

> +    if (buf + AVPALETTE_COUNT * 3 <= buf_end) {

buf + AVPALETTE_COUNT * 3  could theoretically overflow
otherwise LGTM

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Observe your enemies, for they first find out your faults. -- Antisthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120703/334ba464/attachment.asc>


More information about the ffmpeg-devel mailing list