[FFmpeg-devel] [PATCH 2/4] Check for out of bounds reads in ff_h264_decode_extradata().
Michael Niedermayer
michaelni at gmx.at
Sat Sep 24 16:50:45 CEST 2011
On Sat, Sep 24, 2011 at 04:16:39PM +0200, fenrir at elivagar.org wrote:
[...]
> @@ -1005,6 +1005,8 @@ int ff_h264_decode_extradata(H264Context *h)
> p += 6;
> for (i = 0; i < cnt; i++) {
> nalsize = AV_RB16(p) + 2;
> + if (p - avctx->extradata + nalsize > avctx->extradata_size)
> + return -1;
> if(decode_nal_units(h, p, nalsize) < 0) {
> av_log(avctx, AV_LOG_ERROR, "Decoding sps %d from avcC failed\n", i);
> return -1;
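Review bot: The added bounds check sits after `nalsize = AV_RB16(p) + 2;`, so the two-byte length read at `p` still happens before anything confirms that 2 bytes of extradata remain there. Consider testing the remaining length first, for example `if (avctx->extradata_size - (p - avctx->extradata) < 2) return -1;`, and only then reading the length and applying the `nalsize` check. The new early `return -1;` is also silent, unlike the failure path just below it, which calls `av_log` with `AV_LOG_ERROR`; a short message naming the truncated avcC entry would make this rejection diagnosable.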
This is no longer correct, ff_h264_decode_extradata() in ffmpeg.org
takes a *buf and size now. This change was needed to handle mid stream
extradata.
I've fixed & applied it.
Thanks for pointing me at this bug!
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The greatest way to live with honor in this world is to be what we pretend
to be. -- Socrates