[FFmpeg-devel] [PATCH] ac3: validate end in ff_ac3_bit_alloc_calc_mask
Michael Niedermayer
michaelni at gmx.at
Thu Apr 16 23:04:24 CEST 2015
On Thu, Apr 16, 2015 at 09:25:26PM +0200, Andreas Cadhalpun wrote:
> This fixes an invalid read if end is 0:
> band_end = ff_ac3_bin_to_band_tab[end-1] + 1;
>
> Depending on what is before the array, this can cause stack smashing,
> when band_end becomes too large.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/ac3.c | 3 +++
> 1 file changed, 3 insertions(+)
I think it would be better to (also) error out earlier when end_freq
would not be set to a valid value
but checking in ff_ac3_bit_alloc_calc_mask() is possibly more robust
so applied
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
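
Added example, not part of the original message and not FFmpeg's code: a toy model of the end == 0 case from the commit message, next to a variant that checks end before indexing. The table contents, the sizes, the `before` byte and both function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_BINS  16   /* constructed toy sizes, not the real AC-3 tables */
#define N_BANDS 6

/* The byte in front of the table is made explicit so that the stray read
 * is well defined here; in a real binary it is whatever happens to be there. */
struct bin_layout {
    uint8_t before;        /* constructed neighbour value */
    uint8_t tab[N_BINS];   /* bin -> band lookup (constructed) */
};
static const struct bin_layout layout =
    { 200, {0, 0, 1, 1, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 5, 5} };

/* Models band_end = tab[end-1] + 1 with no validation of end. */
static int band_end_unchecked_model(int end)
{
    const uint8_t *bytes = (const uint8_t *)&layout;
    return bytes[offsetof(struct bin_layout, tab) + end - 1] + 1;
}

/* Hypothetical checked variant: reject end before it is used as an index.
 * Returns band_end on success, -1 on invalid input. */
static int calc_mask_checked(int start, int end, int16_t mask[N_BANDS])
{
    if (start < 0 || end <= 0 || end > N_BINS || start >= end)
        return -1;
    int band_start = layout.tab[start];
    int band_end   = layout.tab[end - 1] + 1;   /* now always <= N_BANDS */
    for (int band = band_start; band < band_end; band++)
        mask[band] = 1;    /* stand-in for the per-band mask computation */
    return band_end;
}

int main(void)
{
    int16_t mask[N_BANDS] = {0};
    printf("unchecked, end=0:  band_end=%d (mask holds %d bands)\n",
           band_end_unchecked_model(0), N_BANDS);
    printf("checked,   end=0:  %d\n", calc_mask_checked(0, 0, mask));
    printf("checked,   end=16: band_end=%d\n", calc_mask_checked(0, N_BINS, mask));
    return 0;
}
```

With the neighbour byte set to 200, the unchecked model yields band_end = 201 for a 6-entry per-band buffer, which is the "band_end becomes too large" condition the commit message describes.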