[FFmpeg-devel] [libav-devel] [PATCH] xwddec: prevent overflow of lsize * avctx->height
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Sat Dec 19 14:30:02 CET 2015
On 19.12.2015 14:23, Michael Niedermayer wrote:
> On Sat, Dec 19, 2015 at 12:17:42PM +0100, Andreas Cadhalpun wrote:
>> On 19.12.2015 01:32, Michael Niedermayer wrote:
>>> On Fri, Dec 18, 2015 at 08:13:06PM +0100, Andreas Cadhalpun wrote:
>>>> xwddec.c | 6 ++++++
>>>> 1 file changed, 6 insertions(+)
>>>> 0be27d89a669445b523bfdac99884065e3581f3c 0001-xwddec-prevent-overflow-of-lsize-avctx-height.patch
>>>> From fb40616d7b432680b92dc3adc44a5b5d12fac55d Mon Sep 17 00:00:00 2001
>>>> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>>>> Date: Fri, 18 Dec 2015 19:28:51 +0100
>>>> Subject: [PATCH] xwddec: prevent overflow of lsize * avctx->height
>>>>
>>>> This is used to check if the input buffer is larger enough, so if this
>>>> overflows it can cause a false negative leading to a segmentation fault
>>>> in bytestream2_get_bufferu.
>>>
>>> cant the addition overflow too in the input buffer check ?
>>
>> Probably.
>>
>>> if so then using 64bit in the input buffer check would avoid the
>>> need for a explicit check on lsize
>>
>> Indeed, that's simpler. New patch attached.
>
> LGTM
Pushed.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list