[FFmpeg-devel] [PATCH] dvenc: Prevent out-of-bounds read
Derek Buitenhuis
derek.buitenhuis at gmail.com
Fri Nov 17 19:54:18 EET 2017
On 11/17/2017 5:37 PM, Michael Niedermayer wrote:
> hmm, I can't really remember this clearly, but from looking at the code
> it looks like this is the logic:
> b->next[k] < 64
> b->next[k] >= mb_area_start[a + 1] implies mb_area_start[a + 1] < 64
> which implies a < 3
> and a2 < 4 on the first iteration so the first is still in the array
> subsequently, b->next[k] >= mb_area_start[a2 + 1] exists before the end
> as b->next[k] < 64 and the last entry being 64
Seems to be the case, though it is incredibly non-obvious.
Is there a better way to have that assert run than to check we'd have
already run the OOB access?
- Derek
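
The bound argument quoted above, as an added example that is not part of the original message or of FFmpeg's code: a small C model that checks the index before each table read and exhaustively confirms that no scan leaves the table while the value stays below 64. The names `area_start`, `scan_area` and `count_oob` are hypothetical, and the first four table values are constructed; only the five-entry shape and the final 64 come from the thread.

```c
#include <stdio.h>

/* Constructed table: only its shape (5 entries, last one 64) comes from the
 * thread; the first four boundary values are assumed for illustration. */
#define N_BOUNDS 5
static const int area_start[N_BOUNDS] = { 1, 6, 21, 43, 64 };

/* Hypothetical model of the scan discussed above. `bound` is the exclusive
 * upper limit the caller guarantees for `next` (64 in the thread).
 * Returns the final area index, or -1 if the next read would leave the table. */
static int scan_area(int next, int a, int bound)
{
    int a2;

    if (a < 0 || a + 1 >= N_BOUNDS)
        return -1;                      /* area_start[a + 1] itself is OOB */
    if (!(next >= area_start[a + 1] && next < bound))
        return a;                       /* no area boundary crossed */
    for (a2 = a + 1; ; a2++) {
        if (a2 + 1 >= N_BOUNDS)
            return -1;                  /* checked before the read, not after */
        if (next < area_start[a2 + 1])
            break;                      /* sentinel 64 stops every next < 64 */
    }
    return a2;
}

/* Exhaustively count (a, next) pairs whose scan would read out of bounds. */
static int count_oob(int bound)
{
    int a, next, bad = 0;

    for (a = 0; a < N_BOUNDS - 1; a++)
        for (next = 0; next < bound; next++)
            if (scan_area(next, a, bound) < 0)
                bad++;
    return bad;
}

int main(void)
{
    printf("bound 64: %d OOB scans\n", count_oob(64));
    printf("bound 65: %d OOB scans\n", count_oob(65));
    return 0;
}
```

Raising the guaranteed bound by one above the sentinel makes the scan fail for every starting area, so the in-bounds property holds only while the bound and the table's last entry agree.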