[FFmpeg-devel] [PATCH 5/7] Check for out of bound reads in the flic decoder.
Michael Niedermayer
michaelni at gmx.at
Wed Sep 28 02:43:22 CEST 2011
On Wed, Sep 28, 2011 at 01:10:53AM +0200, Laurent Aimar wrote:
> On Wed, Sep 28, 2011 at 12:48:41AM +0200, Michael Niedermayer wrote:
> > On Tue, Sep 27, 2011 at 11:43:55PM +0200, fenrir at elivagar.org wrote:
> > > From: Laurent Aimar <fenrir at videolan.org>
> >
> >
> > [...]
> > > @@ -218,6 +222,9 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
> > > if (color_changes == 0)
> > > color_changes = 256;
> > >
> > > + if (stream_ptr + color_changes * 3 > stream_ptr_after_chunk)
> > > + break;
> > > +
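Review bot: The added check `stream_ptr + color_changes * 3 > stream_ptr_after_chunk` forms the sum before comparing, so if `stream_ptr` is a signed integer offset (its declaration is not visible in this hunk), a value close to the type's maximum would overflow and the check could pass when it should fail. Comparing against the remaining space instead, `color_changes * 3 > stream_ptr_after_chunk - stream_ptr`, avoids the addition, provided `stream_ptr` never exceeds `stream_ptr_after_chunk` at this point. The `break` also leaves the loop silently; a log message or an error return would make a truncated palette chunk visible to the caller.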
> >
> > the addition as well as others can overflow, not really a big issue,
> > as it's near impossible to happen in practice so this could probably
> > be applied as is if you prefer
> No, I prefer to get it right, it's easier to maintain I think.
>
> Mmh, it can only overflow if stream_ptr is above or equal to
> INT_MAX - (3*256 + something_smaller_than_FF_INPUT_BUFFER_PADDING_SIZE) I
> think. The other additions are all smaller than that.
>
> Also, there was an invalid test that I removed.
>
> Patch attached.
>
> --
> fenrir
>
> flicvideo.c | 44 +++++++++++++++++++++++++++++---------------
> 1 file changed, 29 insertions(+), 15 deletions(-)
> 50a6eba8d27b7e6a7ed52a77bd47924c674115c0 0001-Check-for-out-of-bound-reads-in-the-flic-decoder.patch
> From bca36eede252a4b9a37b224b97cc009d59f9b880 Mon Sep 17 00:00:00 2001
> From: Laurent Aimar <fenrir at videolan.org>
> Date: Tue, 27 Sep 2011 22:05:15 +0200
> Subject: [PATCH] Check for out of bound reads in the flic decoder.
applied, thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad