[FFmpeg-devel] [PATCH] rpza: fix the bounds check
Carl Eugen Hoyos
ceffmpeg at gmail.com
Thu Jun 21 11:23:19 EEST 2018
2018-06-21 5:46 GMT+02:00, Xiao Yang <YangX92 at hotmail.com>:
> Fixes invalid writes when there are more blocks in a run
> than total remaining blocks
Please provide a test case that allows reproducing the
issue your patch fixes.
> (see CVE-2014-8548)
> ---
> libavcodec/rpza.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c
> index b71ebd1..7cb6b89 100644
> --- a/libavcodec/rpza.c
> +++ b/libavcodec/rpza.c
> @@ -68,6 +68,11 @@ typedef struct RpzaContext {
> row_ptr += stride * 4; \
> } \
> total_blocks--; \
> + if (total_blocks < !!n_blocks) \
> + { \
> + av_log(s->avctx, AV_LOG_INFO, "warning: block
> counter just went negative (this should not happen)\n"); \
> + return; \
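Review bot: The condition `total_blocks < !!n_blocks` in the added check is hard to follow: `!!n_blocks` collapses to 0 or 1, so the test means "fewer than one block left while the run still has blocks, otherwise a negative count", and spelling that out as explicit comparisons or adding a comment would make the intended bound reviewable. The message text says "warning" and "this should not happen" but is logged at AV_LOG_INFO; AV_LOG_WARNING or AV_LOG_ERROR would match what it reports. As posted, the string literal in the `av_log` call is split across two lines, which will not compile if the patch is stored that way, and the bare `return;` hidden inside a macro only fits enclosing functions that return void.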
This produces several warnings at compile time, please fix them.
Carl Eugen