[FFmpeg-devel] [PATCH] lavu/mem: fix potential int overflow and crash in av_dynarray_add()

Stefano Sabatini stefasab at gmail.com
Wed May 8 01:44:59 CEST 2013


On date Saturday 2013-05-04 17:26:02 +0200, Michael Niedermayer encoded:
> On Sat, Apr 27, 2013 at 07:40:46PM +0200, Stefano Sabatini wrote:
> > On date Friday 2013-04-26 02:58:05 +0200, Michael Niedermayer encoded:
> > > On Thu, Apr 25, 2013 at 12:36:21AM +0200, Stefano Sabatini wrote:
> > [...]
> > > > --- a/libavutil/mem.h
> > > > +++ b/libavutil/mem.h
> > > > @@ -197,7 +197,8 @@ void av_freep(void *ptr);
> > > >   *
> > > >   * In case of success, the pointer to the array is updated in order to
> > > >   * contain the new growed array, and the number pointed to by nb_ptr
> > > > - * is incremented.
> > > > + * is incremented. In case of failure, the array is not modified and
> > > > + * *nb_ptr is not updated.
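Review bot: The added sentence "In case of failure, the array is not modified and *nb_ptr is not updated" does not say how a caller learns that the call failed. As documented, the only signal is that *nb_ptr keeps its previous value, so the comment should either tell callers to compare *nb_ptr before and after the call or describe an explicit failure indication. The unchanged context line above also reads "new growed array", where "grown" is meant.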
> > > 
> > > how could a user detect an error, also existing code that does not
> > > check could misbehave in a worse way than before
> > 
> > Well I could simply dealloc and set array and nb_ptr to 0. This would
> > avoid a crash in the function (but not prevent the crash in the
> > application).
> > -- 
> > FFmpeg = Freak Furious Majestic Powerful Elected Gladiator
> 
> >  mem.c |   14 ++++++++++++--
> >  mem.h |    2 ++
> >  2 files changed, 14 insertions(+), 2 deletions(-)
> > 073c51ba1dea65fa15723da9001d5ca5acc574a5  0004-lavu-mem-fix-potential-int-overflow-and-crash-in-av_.patch
> > From 6ffd4a05a18e0e68742e6fda4c40e13a7de7a459 Mon Sep 17 00:00:00 2001
> > From: Stefano Sabatini <stefasab at gmail.com>
> > Date: Thu, 25 Apr 2013 00:27:46 +0200
> > Subject: [PATCH] lavu/mem: fix potential int overflow and crash in
> >  av_dynarray_add()
> > 
> > Also extend documentation accordingly.
> 
> should be ok

Thanks, applied.
-- 
FFmpeg = Furious and Fabulous Multipurpose Philosophical Enchanting Gadget
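
The failure behaviour discussed in this thread (free the array and reset the count to 0 instead of crashing), as an added sketch that is not FFmpeg's code and not part of the original messages. The names `dynarray_add` and `count_after`, the power-of-two growth policy and the `1 << 30` count used to trigger the guard are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical helper, not FFmpeg's av_dynarray_add(): appends elem to the
 * pointer array *tab_ptr of *nb_ptr entries, regrowing it (assumed policy)
 * whenever the count is 0 or a power of two. On failure it frees the array
 * and zeroes *tab_ptr and *nb_ptr, which is how the caller detects it. */
static void dynarray_add(void ***tab_ptr, int *nb_ptr, void *elem)
{
    void **tab = *tab_ptr;
    int nb = *nb_ptr;

    if (nb < 0)
        goto fail;
    if ((nb & (nb - 1)) == 0) {             /* capacity used up: grow */
        void **grown;
        /* Refuse counts whose doubled byte size would exceed INT_MAX. */
        if ((size_t)nb > INT_MAX / (2 * sizeof(*tab)))
            goto fail;
        grown = realloc(tab, (nb ? (size_t)nb * 2 : 1) * sizeof(*tab));
        if (!grown)
            goto fail;
        tab = grown;
    }
    tab[nb] = elem;
    *tab_ptr = tab;
    *nb_ptr = nb + 1;
    return;
fail:
    free(*tab_ptr);
    *tab_ptr = NULL;
    *nb_ptr = 0;
}

/* Constructed driver: starts from a claimed count and makes `appends` calls.
 * start_nb must be 0 or a count the guard rejects. Returns the final count. */
int count_after(int start_nb, int appends)
{
    static int dummy;
    void **tab = start_nb ? malloc(sizeof(*tab)) : NULL;
    int nb = start_nb;
    for (int i = 0; i < appends; i++)
        dynarray_add(&tab, &nb, &dummy);
    free(tab);
    return nb;
}
```

`count_after(1 << 30, 3)` returns 2: the refused append discards the array and the next two appends start over from an empty one, so a caller that never checks the count keeps running with its earlier entries gone.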

