[FFmpeg-devel] [PATCH 6/6] avcodec/mpeg4videodec: Check for bitstream end in read_quant_matrix_ext()

Michael Niedermayer michael at niedermayer.cc
Wed Jul 4 23:31:46 EEST 2018


On Wed, Jul 04, 2018 at 03:03:03AM +0200, Michael Niedermayer wrote:
> On Tue, Jul 03, 2018 at 11:52:59PM +0200, Carl Eugen Hoyos wrote:
> > 2018-07-03 23:05 GMT+02:00, Michael Niedermayer <michael at niedermayer.cc>:
> > > Fixes: out of array read
> > > Fixes: asff-crash-0e53d0dc491dfdd507530b66562812fbd4c36678
> > >
> > > Found-by: Paul Ch <paulcher at icloud.com>
> > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > ---
> > >  libavcodec/mpeg4videodec.c | 11 ++++++++++-
> > >  1 file changed, 10 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
> > > index 2df525e03a..24c280df46 100644
> > > --- a/libavcodec/mpeg4videodec.c
> > > +++ b/libavcodec/mpeg4videodec.c
> > > @@ -2867,11 +2867,13 @@ static int decode_vop_header(Mpeg4DecContext *ctx,
> > > GetBitContext *gb)
> > >      return 0;
> > >  }
> > >
> > > -static void read_quant_matrix_ext(MpegEncContext *s, GetBitContext *gb)
> > > +static int read_quant_matrix_ext(MpegEncContext *s, GetBitContext *gb)
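
Review bot: at the changed signature of read_quant_matrix_ext(), the return type goes from void to int, but the quoted part of the hunk ends on that line, so no return statement or call site is visible to confirm that the new result is actually checked. Please make sure every caller propagates a negative return instead of discarding it, since an ignored error would leave decoding to continue as before. A short comment above the function stating what it returns on success and on a truncated bitstream would document the new contract.
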
> > 
> > Why is changing the return type of this function useful (in the context
> > of the actual patch)?
> 
> It's just more in line with how the code should be.
> Full error checking, reporting and handling such errors.
> The patch does only the hunks needed to fix this (easily backportable, I assume).
> If I leave the return type and just return, I will need a future patch that
> changes the very same lines to return an error.

Will apply, as this issue was reported by a 2nd researcher already, it seems.

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The bravest are surely those who have the clearest vision
of what is before them, glory and danger alike, and yet
notwithstanding go out to meet it. -- Thucydides