[FFmpeg-devel] [PATCH 3/3] rawdec: only exempt BIT0 with need_copy from buffer sanity check
Michael Niedermayer
michael at niedermayer.cc
Sun Dec 20 01:11:32 CET 2015
On Sat, Dec 19, 2015 at 11:49:14PM +0100, Andreas Cadhalpun wrote:
> Otherwise the too samll buffer is directly used in the frame, causing
> segmentation faults, when trying to use the frame.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/rawdec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
> index 611178f..50cee39 100644
> --- a/libavcodec/rawdec.c
> +++ b/libavcodec/rawdec.c
> @@ -257,7 +257,7 @@ static int raw_decode(AVCodecContext *avctx, void *data, int *got_frame,
> buf += buf_size - context->frame_size;
>
> len = context->frame_size - (avctx->pix_fmt==AV_PIX_FMT_PAL8 ? AVPALETTE_SIZE : 0);
> - if (buf_size < len && (avctx->codec_tag & 0xFFFFFF) != MKTAG('B','I','T', 0)) {
> + if (buf_size < len && ((avctx->codec_tag & 0xFFFFFF) != MKTAG('B','I','T', 0) || !need_copy)) {
> av_log(avctx, AV_LOG_ERROR, "Invalid buffer size, packet size %d < expected frame_size %d\n", buf_size, len);
> av_buffer_unref(&frame->buf[0]);
> return AVERROR(EINVAL);
should be ok, alterantively you could also force need_copy in these
cases
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Republics decline into democracies and democracies degenerate into
despotisms. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151220/fe0c1cf7/attachment.sig>
More information about the ffmpeg-devel
mailing list