[FFmpeg-devel] [PATCH] asfdec fixes
Michael Niedermayer
michaelni
Sat Dec 11 17:16:13 CET 2010
On Sat, Dec 11, 2010 at 02:48:09PM +0100, Reimar Döffinger wrote:
[...]
> @@ -977,7 +980,8 @@
> av_log(s, AV_LOG_ERROR, "pkt.size != ds_packet_size * ds_span (%d %d %d)\n", asf_st->pkt.size, asf_st->ds_packet_size, asf_st->ds_span);
> }else{
> /* packet descrambling */
> - uint8_t *newdata = av_malloc(asf_st->pkt.size);
> + uint8_t *newdata = av_malloc(asf_st->pkt.size + FF_INPUT_BUFFER_PADDING_SIZE);
> + memset(newdata + asf_st->pkt.size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
> if (newdata) {
> int offset = 0;
> while (offset < asf_st->pkt.size) {
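Review bot: the added memset sits above the existing "if (newdata)" check, so when av_malloc() returns NULL it still writes FF_INPUT_BUFFER_PADDING_SIZE zero bytes at NULL + asf_st->pkt.size, an address determined by the packet size. Move the memset inside the "if (newdata) {" block so the padding is only cleared once the allocation is known to have succeeded.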
This is missing a malloc failure check, which could lead to you writing zeros
at a user-specified place.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle