[FFmpeg-devel] [PATCH]lavc/bmp: Avoid a heap buffer overwrite for 1bpp
Tomas Härdin
tjoppen at acc.umu.se
Wed Mar 27 11:37:05 EET 2019
tis 2019-03-26 klockan 13:38 +0100 skrev Carl Eugen Hoyos:
> Hi!
>
> Attached patch intends to fix a buffer overwrite reported today.
Funny, I was looking at this code a few weeks ago as a good candidate
for some static analysis/formal verification
> ptr[avctx->width - (avctx->width & 7) + j] = buf[avctx->width >> 3] >> (7 - j) & 1;
An extra pair of parenthesis around the right-hand side would be
prudent:
(buf[avctx->width >> 3] >> (7 - j)) & 1
/Tomas
More information about the ffmpeg-devel
mailing list