[Ffmpeg-devel] [PATCH] Fix 2 buffer overflows in dtsdec.c
Roberto Togni
r_togni
Thu Apr 20 21:25:34 CEST 2006
On Thu, 20 Apr 2006 17:59:28 +0300
Uoti Urpala <uoti.urpala at pp1.inet.fi> wrote:
> dtsdec.c copies one input packet at a time to a (static) buffer, the
> buffer size is 4096 bytes while the copied packet size can be up to
> 18726 bytes.
>
> The code also keeps decoding until all input data has been used up,
> writing an unbounded amount of bytes to the output buffer and not
> respecting AVCODEC_MAX_AUDIO_FRAME_SIZE.
>
> The patch increases the internal buffer size and makes the code return
> after decoding one frame. Also changes dts_decode_init to return -1, not
> 1, on failure. Required reindentation is not included in the patch.
>
[...]
Applied.
Ciao,
Roberto
More information about the ffmpeg-devel
mailing list