[FFmpeg-devel] potential segfault in rle.c
Benoit Fouet
benoit.fouet
Thu Jul 31 16:53:30 CEST 2008
Michael Niedermayer wrote:
> On Thu, Jul 31, 2008 at 02:15:01PM +0200, Mathieu Malaterre wrote:
>
>> On Thu, Jul 31, 2008 at 1:01 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
>>
>>> On Wed, Jul 30, 2008 at 06:42:09PM +0200, Mathieu Malaterre wrote:
>>>
>>>> [resent from ffmpeg-users]
>>>>
>>>> I believe there is a potential segfault in rle.c. See attached patch.
>>>>
>>> [...]
>>>
>>>> count = count_pixels(ptr, w-x, bpp, 0);
>>>> + /* are we allowed to write 1 byte + count*bpp bytes ? */
>>>> + if(out + bpp*count + 1 > outbuf + out_size) return -1;
>>>>
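Review bot: The added test `if(out + bpp*count + 1 > outbuf + out_size) return -1;` does its bounds check in pointer arithmetic, so in exactly the case it is meant to catch, `out + bpp*count + 1` is already a pointer past the end of `outbuf`. C leaves that undefined, and the sum can wrap for a large `bpp*count`. Comparing sizes avoids forming the out-of-range pointer, for example `if(bpp*count + 1 > out_size - (out - outbuf)) return -1;`, provided `out` never passes `outbuf + out_size`. The new `return -1` also only helps if every caller checks for a negative result, which these lines do not show.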
>>> if(out + bpp*count >= outbuf + out_size)
>>>
>>> is simpler
>>>
>> done.
>>
>
> ok
>
> [...]
>
>
applied (without the comment though)
--
Benoit Fouet
Purple Labs S.A.
www.purplelabs.com