[FFmpeg-cvslog] Bitmap Brothers JV demuxer
Reimar Döffinger
Reimar.Doeffinger
Fri Mar 11 19:36:45 CET 2011
On Fri, Mar 11, 2011 at 12:50:27PM +0100, Peter Ross wrote:
> + ast->index_entries = av_malloc(ast->nb_index_entries * sizeof(*ast->index_entries));
> + if (!ast->index_entries)
> + return AVERROR(ENOMEM);
> +
> + jv->frames = av_malloc(ast->nb_index_entries * sizeof(JVFrame));
This is inconsistent, should use sizeof(*jv->frames)
> + jvf->video_size = avio_rl32(pb);
> + int size = jvf->video_size + (jvf->palette ? 768 : 0);
> + if (av_new_packet(pkt, size + 5))
These can overflow, unless I miss something?
More information about the ffmpeg-cvslog
mailing list