[FFmpeg-devel] [PATCH] jvdec: avoid unsized overflow in comparison

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sat Nov 7 13:21:26 CET 2015


On 07.11.2015 06:07, Paul B Mahol wrote:
> On 11/6/15, Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> wrote:
>> The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
>> is 3, the right side overflows leading to a wrong result of the
>> comparison and subsequently a heap buffer overflow.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavformat/jvdec.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> lgtm

Pushed...

On 07.11.2015 06:19, Timothy Gu wrote:
> On Fri, Nov 06, 2015 at 09:11:40PM +0100, Andreas Cadhalpun wrote:
>> Subject: [FFmpeg-devel] [PATCH] jvdec: avoid unsized overflow in comparison
> 
> *unsigned

...with the typo fixed.

Best regards,
Andreas
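
The unsigned-comparison pitfall described in the commit message above, shown as an added example that is not part of this thread or of FFmpeg's code. The function names, the `MAGIC` value and the offset of 4 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAGIC        "EXAMPLE-MAGIC" /* constructed placeholder signature */
#define MAGIC_OFFSET 4               /* assumed offset of the signature */

/* Constructed sample: 4 header bytes followed by the signature. */
static const unsigned char sample[] = "JV\0\0" MAGIC;

/* Wrapping form: buf_size - 4 is -1 for buf_size == 3. Comparing it with
 * strlen() (a size_t) converts -1 to SIZE_MAX, so the check passes.
 * The cast is written out; the compiler applies it implicitly anyway. */
int check_wrapping(int buf_size)
{
    return strlen(MAGIC) <= (size_t)(buf_size - MAGIC_OFFSET);
}

/* Safe form: do the addition on the unsigned side, where it cannot drop
 * below zero, and reject negative sizes before converting. */
int check_safe(int buf_size)
{
    return buf_size >= 0 && strlen(MAGIC) + MAGIC_OFFSET <= (size_t)buf_size;
}

/* Hypothetical probe: only touches buf after the safe length check. */
int probe(const unsigned char *buf, int buf_size)
{
    if (!check_safe(buf_size))
        return 0;
    return memcmp(buf + MAGIC_OFFSET, MAGIC, strlen(MAGIC)) == 0;
}

int main(void)
{
    int full = (int)(sizeof(sample) - 1);

    printf("buf_size=3  wrapping=%d safe=%d\n",
           check_wrapping(3), check_safe(3));
    printf("buf_size=%d wrapping=%d safe=%d probe=%d\n", full,
           check_wrapping(full), check_safe(full), probe(sample, full));
    return 0;
}
```

With a 3-byte buffer the wrapping check reports that the signature fits, which is the condition that would let a following `memcmp` read past the end of the buffer; the safe check rejects it.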


