[Ffmpeg-cvslog] r5487 - trunk/libavcodec/parser.c
Michael Niedermayer
michaelni
Sat Jun 17 10:14:51 CEST 2006
Hi
On Fri, Jun 16, 2006 at 10:41:34PM +0200, mru wrote:
> Author: mru
> Date: Fri Jun 16 22:41:33 2006
> New Revision: 5487
>
> Modified:
> trunk/libavcodec/parser.c
>
> Log:
> The AAC frame header uses 13 bits for the frame size, so the buffer should
> have room for such a frame. A frame that large seems unlikely in a valid
> file, but leaving room for it spares us the need to check it elsewhere.
> Moving the buffer to the end of the struct made debugging this easier.
>
>
> Modified: trunk/libavcodec/parser.c
> ==============================================================================
> --- trunk/libavcodec/parser.c (original)
> +++ trunk/libavcodec/parser.c Fri Jun 16 22:41:33 2006
> @@ -729,12 +729,12 @@
>
> /* also used for ADTS AAC */
> typedef struct AC3ParseContext {
> - uint8_t inbuf[4096]; /* input buffer */
> uint8_t *inbuf_ptr;
> int frame_size;
> int header_size;
> int (*sync)(const uint8_t *buf, int *channels, int *sample_rate,
> int *bit_rate, int *samples);
> + uint8_t inbuf[8192]; /* input buffer */
hmm, isnt that also a security fix, i mean that if something writes over the
end of inbuf then it would also overwrite the following function pointer
sync() amongth other things ...
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is
More information about the ffmpeg-cvslog
mailing list