[FFmpeg-devel] [PATCH 6/7] lavf/flacenc: avoid buffer overread with unexpected extradata sizes
Michael Niedermayer
michael at niedermayer.cc
Wed Aug 2 16:00:36 EEST 2017
On Wed, Aug 02, 2017 at 01:30:44AM -0500, Rodger Combs wrote:
> ---
> libavformat/flacenc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/flacenc.c b/libavformat/flacenc.c
> index 9768b6a..1906aee 100644
> --- a/libavformat/flacenc.c
> +++ b/libavformat/flacenc.c
> @@ -322,7 +322,7 @@ static int flac_write_trailer(struct AVFormatContext *s)
> if (!c->write_header || !streaminfo)
> return 0;
>
> - if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
> + if (pb->seekable & AVIO_SEEKABLE_NORMAL && (c->streaminfo || s->streams[0]->codecpar->extradata_size == FLAC_STREAMINFO_SIZE)) {
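Review bot: The size test on the added `if` line only guards the extradata fallback, yet it is attached to the seekable check rather than to the place where `streaminfo` is chosen, so the pointer and the length that bounds it are validated in two different spots. Consider checking `extradata_size == FLAC_STREAMINFO_SIZE` where the fallback pointer is selected, so that the existing `!streaminfo` test in the context line above covers a wrong-sized buffer, or at least pull the compound condition into a named local, since the line is long and indexes `s->streams[0]` directly. The commit message has no body, so a sentence on which extradata sizes can reach this function would help.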
this looks a bit odd
uint8_t *streaminfo = c->streaminfo ? c->streaminfo :
s->streams[0]->codecpar->extradata;
...
> + if (pb->seekable & AVIO_SEEKABLE_NORMAL && (c->streaminfo || s->streams[0]->codecpar->extradata_size == FLAC_STREAMINFO_SIZE)) {
isn't this just "&& c->streaminfo" ?
also is s->streams[0] correct ?
shouldn't this use c->audio_stream_idx ?
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus