[FFmpeg-devel] [PATCH] nutdec: reject negative sm_size
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Sat Dec 19 17:59:29 CET 2015
On 19.12.2015 16:25, Michael Niedermayer wrote:
> On Sat, Dec 19, 2015 at 02:25:42PM +0100, Andreas Cadhalpun wrote:
>> nutdec.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> d1813b6394c006a3f235e5e9a5fb8f5172933736 0001-nutdec-reject-negative-value_len-in-read_sm_data.patch
>> From 98fc98ce850d4d7fce30ee653dd48c063f0eaae6 Mon Sep 17 00:00:00 2001
>> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> Date: Sat, 19 Dec 2015 12:02:56 +0100
>> Subject: [PATCH] nutdec: reject negative value_len in read_sm_data
>>
>> If it is negative, it can cause the byte position to move backwards in
>> avio_skip, which in turn makes sm_size negative and thus size larger
>> than the size of the packet buffer, causing invalid writes in avio_read.
>>
>> Also fix potential overflow of avio_tell(bc) + value_len.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavformat/nutdec.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> LGTM
Pushed.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list