[FFmpeg-devel] [PATCH 3/3] rawdec: only exempt BIT0 with need_copy from buffer sanity check

Michael Niedermayer michael at niedermayer.cc
Sun Dec 20 01:11:32 CET 2015


On Sat, Dec 19, 2015 at 11:49:14PM +0100, Andreas Cadhalpun wrote:
> Otherwise the too samll buffer is directly used in the frame, causing
> segmentation faults, when trying to use the frame.
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavcodec/rawdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
> index 611178f..50cee39 100644
> --- a/libavcodec/rawdec.c
> +++ b/libavcodec/rawdec.c
> @@ -257,7 +257,7 @@ static int raw_decode(AVCodecContext *avctx, void *data, int *got_frame,
>          buf += buf_size - context->frame_size;
>  
>      len = context->frame_size - (avctx->pix_fmt==AV_PIX_FMT_PAL8 ? AVPALETTE_SIZE : 0);
> -    if (buf_size < len && (avctx->codec_tag & 0xFFFFFF) != MKTAG('B','I','T', 0)) {
> +    if (buf_size < len && ((avctx->codec_tag & 0xFFFFFF) != MKTAG('B','I','T', 0) || !need_copy)) {
>          av_log(avctx, AV_LOG_ERROR, "Invalid buffer size, packet size %d < expected frame_size %d\n", buf_size, len);
>          av_buffer_unref(&frame->buf[0]);
>          return AVERROR(EINVAL);

should be ok, alterantively you could also force need_copy in these
cases

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Republics decline into democracies and democracies degenerate into
despotisms. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151220/fe0c1cf7/attachment.sig>


More information about the ffmpeg-devel mailing list