[FFmpeg-devel] [PATCH] hevc: fix incorrect sao buffer size

Christophe Gisquet christophe.gisquet at gmail.com
Sun Aug 10 12:09:44 CEST 2014


2014-08-10 11:59 GMT+02:00 Christophe Gisquet <christophe.gisquet at gmail.com>:
> This fixes ticket #3839.

By the way, not completely sure, but that is probably exploitable (I
am not a security expert):
- indicate large cropping in the header; this will cause an overrun of
probably (max_ctb_size-1) lines (ie ~118KB for a 1920x??? sequence)
- the memcpy will then copy data past the buffer for the aforementioned overrun;
- if the stream uses icpm, you can put arbitrary data in the stream if
I'm not mistaken.


More information about the ffmpeg-devel mailing list