[FFmpeg-devel] [PATCH] lavu/mem: fix potential int overflow and crash in av_dynarray_add()

Michael Niedermayer michaelni at gmx.at
Sat May 4 17:26:02 CEST 2013


On Sat, Apr 27, 2013 at 07:40:46PM +0200, Stefano Sabatini wrote:
> On date Friday 2013-04-26 02:58:05 +0200, Michael Niedermayer encoded:
> > On Thu, Apr 25, 2013 at 12:36:21AM +0200, Stefano Sabatini wrote:
> [...]
> > > --- a/libavutil/mem.h
> > > +++ b/libavutil/mem.h
> > > @@ -197,7 +197,8 @@ void av_freep(void *ptr);
> > >   *
> > >   * In case of success, the pointer to the array is updated in order to
> > >   * contain the new growed array, and the number pointed to by nb_ptr
> > > - * is incremented.
> > > + * is incremented. In case of failure, the array is not modified and
> > > + * *nb_ptr is not updated.
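Review bot: the sentence added at the end of this comment promises that on failure the array and *nb_ptr are left untouched, but nothing in the comment tells the caller how to notice that the element was not stored. State the observable failure condition here (a return value, or a state of the array and *nb_ptr that a caller can test after the call); otherwise a caller that does not check carries on as if the append succeeded. While touching this paragraph, "growed" in the context line above should read "grown".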
> > 
> > how could a user detect an error, also existing code that does not
> > check could misbehave in a worse way than before
> 
> Well I could simply dealloc and set array and nb_ptr to 0. This would
> avoid a crash in the function (but not prevent the crash in the
> application).
> -- 
> FFmpeg = Freak Furious Majestic Powerful Elected Gladiator

>  mem.c |   14 ++++++++++++--
>  mem.h |    2 ++
>  2 files changed, 14 insertions(+), 2 deletions(-)
> 073c51ba1dea65fa15723da9001d5ca5acc574a5  0004-lavu-mem-fix-potential-int-overflow-and-crash-in-av_.patch
> From 6ffd4a05a18e0e68742e6fda4c40e13a7de7a459 Mon Sep 17 00:00:00 2001
> From: Stefano Sabatini <stefasab at gmail.com>
> Date: Thu, 25 Apr 2013 00:27:46 +0200
> Subject: [PATCH] lavu/mem: fix potential int overflow and crash in
>  av_dynarray_add()
> 
> Also extend documentation accordingly.

should be ok

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
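Added example, not FFmpeg's code or the patch under review: one way to get the behaviour discussed in the thread, an append that checks the count for int overflow before doubling and, on failure, frees the array and zeroes the count while also returning an error. The function names, the int return value and the doubling-at-powers-of-two growth policy are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper, not FFmpeg code: byte size of the next allocation for
 * a pointer array that doubles at every power-of-two count; -1 on overflow. */
static int next_alloc_size(int nb, size_t *bytes)
{
    size_t n;
    if (nb < 0 || nb > INT_MAX / 2)        /* nb * 2 would overflow int */
        return -1;
    n = nb ? (size_t)nb * 2 : 1;
    if (n > SIZE_MAX / sizeof(void *))     /* n * sizeof(void *) would wrap */
        return -1;
    *bytes = n * sizeof(void *);
    return 0;
}

/* Append elem; returns 0 on success, -1 on failure. On failure the array is
 * freed and *tab_ptr / *nb_ptr are reset, so a caller that ignores the
 * return value sees an empty array rather than a stale count. */
static int dynarray_add(void ***tab_ptr, int *nb_ptr, void *elem)
{
    void **tab = *tab_ptr, **grown;
    int nb = *nb_ptr;
    size_t bytes;
    if (nb < 0)
        goto fail;
    if ((nb & (nb - 1)) == 0) {            /* count is 0 or 2^k: array is full */
        if (next_alloc_size(nb, &bytes) < 0 || !(grown = realloc(tab, bytes)))
            goto fail;
        tab = grown;
    }
    tab[nb] = elem;
    *tab_ptr = tab;
    *nb_ptr  = nb + 1;
    return 0;
fail:
    free(tab);
    *tab_ptr = NULL;
    *nb_ptr  = 0;
    return -1;
}

int main(void)
{
    void **tab = NULL;                     /* constructed input: no real array */
    int nb = INT_MAX / 2 + 1, x = 0;       /* constructed count: doubling wraps */
    return dynarray_add(&tab, &nb, &x) == -1 && !tab && nb == 0 ? 0 : 1;
}
```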