[FFmpeg-devel] [PATCH] ac3_probe input buffer overrun
Michael Niedermayer
michaelni
Sat Sep 1 03:17:07 CEST 2007
Hi
On Sat, Sep 01, 2007 at 01:31:59AM +0200, Michael Niedermayer wrote:
> Hi
>
> On Tue, Aug 28, 2007 at 09:38:47AM -0000, Wolfram Gloger wrote:
> > Hi,
> >
> > I found this with valgrind.
> >
> > Regards,
> > Wolfram.
>
> > --- trunk/libavformat/raw.c 2007-08-11 17:29:37.000000000 +0200
> > +++ ffmpeg-test/libavformat/raw.c 2007-08-28 11:29:48.000000000 +0200
> > @@ -416,7 +416,7 @@
> > for(; buf < end; buf++) {
> > buf2 = buf;
> >
> > - for(frames = 0; buf2 < end; frames++) {
> > + for(frames = 0; buf2+7 <= end; frames++) {
> > if(ff_ac3_parse_header(buf2, &hdr) < 0)
> > break;
> > buf2 += hdr.frame_size;
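Review bot: the new inner-loop condition "buf2+7 <= end" uses a bare 7 with no comment or named constant saying why 7 bytes must remain before ff_ac3_parse_header(buf2, &hdr) is called. Please state how many bytes the header parser reads from buf2, or replace the literal with a named constant, so the bound can be checked against the parser. Separately, "buf2 += hdr.frame_size;" is not checked against the remaining data in the lines shown, so buf2 can already be past end when the condition forms buf2+7. Comparing the remaining length instead, as in "end - buf2 >= 7", keeps the test from depending on a pointer computed beyond the buffer.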
>
> ac3 maintainer justin, ping!
and note:
#define AVPROBE_PADDING_SIZE 32 ///< extra allocated bytes at the end of the probe buffer
so this patch is likely wrong but i dunno how much ff_ac3_parse_header
can read or ...
note2, valgrind is buggy and sometimes claims uninitialized memory would be
used while it actually isn't!
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle