[FFmpeg-devel] [PATCH] lavc/mmvideo: fix potential buffer overread in mm_decode_pal()

Paul B Mahol onemda at gmail.com
Wed Jul 25 14:36:11 CEST 2012


On 7/25/12, Stefano Sabatini <stefasab at gmail.com> wrote:
> Add missing buffer check.

1: That check is not missing (in the security sense).
2: Why are you checking this in the for loop?
3: If you are checking for bytes left, why are you checking it again in
the call below using the checked bytestream2 function
(bytestream2_get_be24())?
4: The commit message is incorrect.

> ---
>  libavcodec/mmvideo.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c
> index 3e6cb1a..ed2d405 100644
> --- a/libavcodec/mmvideo.c
> +++ b/libavcodec/mmvideo.c
> @@ -71,7 +71,7 @@ static int mm_decode_pal(MmContext *s)
>      int i;
>
>      bytestream2_skip(&s->gb, 4);
> -    for (i = 0; i < 128; i++) {
> +    for (i = 0; i < 128 && bytestream2_get_bytes_left(&s->gb) >= 3; i++) {
>          s->palette[i] = 0xFF << 24 | bytestream2_get_be24(&s->gb);
>          s->palette[i+128] = s->palette[i]<<2;
>      }
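
Review bot: In the new `for` condition, running out of input ends the loop early and silently, so for a truncated palette chunk the entries from index i upward (and their i+128 counterparts) keep whatever values they held before, and nothing in the visible lines reports the short read. If the intent is to reject short input, one check before the loop, such as testing bytestream2_get_bytes_left(&s->gb) < 128 * 3 and returning an error, states that once instead of re-testing on each of the 128 iterations. As the reply above points out, bytestream2_get_be24() is already the checked reader, so the per-iteration test is not what prevents an overread and the commit message should describe the change accordingly.
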
> --
> 1.7.5.4