[FFmpeg-devel] [libav-devel] [PATCH] alsdec: validate time diff index
Thilo Borgmann
thilo.borgmann at mail.de
Tue Apr 21 08:14:29 CEST 2015
Am 20.04.15 um 23:20 schrieb Andreas Cadhalpun:
> On 19.04.2015 22:20, Luca Barbato wrote:
>> On 18/04/15 18:58, Andreas Cadhalpun wrote:
>>> If begin is smaller than t, the subtraction 'begin -= t' wraps around,
>>> because begin is unsigned. The same applies for end < t.
>>>
>>> This causes segmentation faults.
>>
>> Actually, the access to raw_buffer seems a bit optimistic all over this
>> code.
>>
>> I'd check that `master` is always between `raw_buffer` and the end of it.
>
> You mean something like the attached patch?
>
>> (I'm not sure if `div_blocks` is validated before, same for `offset`)
>
> That should catch problems in those as well.
Have you tested with fate after applying this patch locally?
-Thilo
More information about the ffmpeg-devel
mailing list