[FFmpeg-devel] [PATCH] ituh263dec: Prevent overreading header buffer

Ronald S. Bultje rsbultje at gmail.com
Mon Oct 21 20:02:07 CEST 2013


Hi,

On Mon, Oct 21, 2013 at 11:48 AM, Paul B Mahol <onemda at gmail.com> wrote:

> On 10/21/13, Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:
> > Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
> > ---
> > Fixes a crash in a sample I have.
> > ---
> >  libavcodec/ituh263dec.c |    5 +++++
> >  1 files changed, 5 insertions(+), 0 deletions(-)
> >
> > diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
> > index 08aeb30..6c7c12d 100644
> > --- a/libavcodec/ituh263dec.c
> > +++ b/libavcodec/ituh263dec.c
> > @@ -874,6 +874,11 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
> >
> >      align_get_bits(&s->gb);
> >
> > +    if (get_bits_left(&s->gb) < 22 - 8) {
> > +        av_log(s->avctx, AV_LOG_ERROR, "Not enough bits to decode
> > header.\n");
> > +        return -1;
> > +    }
> > +
> >      if (show_bits(&s->gb, 2) == 2 && s->avctx->frame_number == 0) {
> >           av_log(s->avctx, AV_LOG_WARNING, "Header looks like RTP
> instead of
> > H.263\n");
> >      }
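Review bot: The guard added ahead of the show_bits(&s->gb, 2) test only establishes that 22 - 8 bits remain, so it covers whichever read consumes those 14 bits and nothing after it; reads further into the header are not protected by anything visible in this hunk. Please add a comment saying which field 22 - 8 stands for, and either repeat the check before the later reads or make the bound part of the reader itself. The bare return -1 could also be AVERROR_INVALIDDATA, so callers can tell truncated input from other failures.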
> > --
> > 1.7.1
>
> lgtm
>
> OT: wonders why it uses unchecked bitstream reader.


Right, if it can overread, it should use the checked bitstream reader. If
it wasn't designed to not overread, don't try to hack it in afterwards,
it's a bad, bad idea.

Ronald
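
The difference the reply above points at, as an added example that is not part of the original thread and is not FFmpeg code: a reader that checks the bound on every read reports truncation wherever it happens, while a single "at least 14 bits" test in front of the header (the patch's 22 - 8) does not. BitReader, br_read, parse_header and the three-field layout are hypothetical names and a constructed format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal reader for illustration; not FFmpeg's GetBitContext. */
typedef struct {
    const uint8_t *buf;
    size_t size_bits;  /* total bits in the buffer */
    size_t pos;        /* index of the next bit to read */
    int overread;      /* sticky: some read asked for more than was left */
} BitReader;

/* Read n (1..32) bits, MSB first. The bound is checked on every read: on a
 * short buffer no memory is touched, 0 is returned and the flag is set. */
static uint32_t br_read(BitReader *br, unsigned n)
{
    uint32_t v = 0;
    if (n > br->size_bits - br->pos) {   /* pos never exceeds size_bits */
        br->pos = br->size_bits;
        br->overread = 1;
        return 0;
    }
    for (; n > 0; n--, br->pos++)
        v = (v << 1) | ((br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u);
    return v;
}

/* Constructed layout (not the real H.263 header): 22-bit start code, 8-bit
 * counter, 3-bit format. Returns 0, or -1 if the data ended inside it. */
static int parse_header(const uint8_t *buf, size_t size, uint32_t out[3])
{
    BitReader br = { buf, size * 8, 0, 0 };
    out[0] = br_read(&br, 22);
    out[1] = br_read(&br, 8);
    out[2] = br_read(&br, 3);
    return br.overread ? -1 : 0;
}

/* Constructed sample: start code 0x20, counter 0xA5, format 2. */
static const uint8_t sample[5] = { 0x00, 0x00, 0x82, 0x95, 0x00 };
int main(void)
{
    uint32_t f[3];
    /* 2 bytes = 16 bits would pass a one-off 14-bit test, yet is truncated. */
    printf("full=%d short=%d\n", parse_header(sample, 5, f),
           parse_header(sample, 2, f));
    return 0;
}
```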

