[FFmpeg-devel] [PATCH] check buffer is inside what is passed when probing for flac.
Benoit Fouet
benoit.fouet
Tue Jan 27 15:32:18 CET 2009
On 01/27/2009 03:26 PM, Philipp Meinen wrote:
> Hello
>
> [...]
>
>> ===================================================================
>> --- libavformat/raw.c (revision 16816)
>> +++ libavformat/raw.c (working copy)
>> @@ -586,11 +586,12 @@ static int eac3_probe(AVProbeData *p)
>> static int flac_probe(AVProbeData *p)
>> {
>> uint8_t *bufptr = p->buf;
>> + uint8_t *end = p->buf + p->buf_size;
>>
>> if(ff_id3v2_match(bufptr))
>> bufptr += ff_id3v2_tag_len(bufptr);
>>
>> - if(memcmp(bufptr, "fLaC", 4)) return 0;
>> + if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0;
>>
>
> Might I ask why you use poiner-logic instead of using the
> buf_size field ?
>
> something like:
> if (buf_size > 3 || ...)
>
>
because of the 'bufptr += ...' part
Ben
More information about the ffmpeg-devel
mailing list