[Ffmpeg-devel] [PATCH] mjpeg cleanup and again interlaced fix

Michael Niedermayer michaelni
Sat Apr 14 23:18:27 CEST 2007


On Wed, Apr 11, 2007 at 02:17:14PM +0200, Baptiste Coudurier wrote:
> Hi
> 3 patches:
> - remove useless MpegEncContext.

passed regressions, applied

> - fix odd field height decoding.

while I've already said this is ok, I must retract this approval, I've made
a mistake, the patch is totally broken and introduces an exploitable buffer
overflow, and a fairly obvious one

using the container height for the allocated image instead of 2*height
and then decoding an image with the codec height into it of course cannot
work as there's no guarantee that container height >= 2* codec height
this also isn't checked anywhere

nice reason to fork, anyone still curious why I reject patches I don't
fully understand?

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates
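
The bounds check the mail says is missing, sketched as an added example that is not FFmpeg's code and not part of the original message. `Frame`, `fields_fit`, `store_field` and `try_decode` are hypothetical names, and the frame is assumed to be a single 8-bit plane whose row count comes from the container.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical frame buffer whose row count comes from the container. */
typedef struct { uint8_t *data; int width, height; } Frame;

/* The check the mail says is missing: both fields must fit in the
 * allocated rows, i.e. allocated height >= 2 * coded field height.
 * Written as a division so 2 * field_h cannot overflow int. */
int fields_fit(const Frame *f, int coded_w, int field_h)
{
    if (coded_w <= 0 || field_h <= 0 || coded_w > f->width)
        return 0;
    return field_h <= f->height / 2;
}

/* Weave one field into the frame: parity 0 fills rows 0,2,4,...,
 * parity 1 fills rows 1,3,5,... Returns -1 instead of writing when
 * the field would run past the allocation. */
int store_field(Frame *f, const uint8_t *field, int coded_w, int field_h, int parity)
{
    if ((parity != 0 && parity != 1) || !fields_fit(f, coded_w, field_h))
        return -1;
    for (int y = 0; y < field_h; y++)
        memcpy(f->data + (size_t)(2 * y + parity) * f->width,
               field + (size_t)y * coded_w, (size_t)coded_w);
    return 0;
}

/* Constructed driver: allocate container_h rows, then decode two
 * fields of field_h rows each. Returns 0 if stored, -1 if rejected. */
int try_decode(int container_h, int field_h)
{
    enum { W = 16 };
    Frame f = { calloc((size_t)container_h, W), W, container_h };
    uint8_t *field = malloc((size_t)field_h * W);
    int ret = -1;
    if (f.data && field) {
        memset(field, 0xAB, (size_t)field_h * W);
        ret = store_field(&f, field, W, field_h, 0);
        if (ret == 0)
            ret = store_field(&f, field, W, field_h, 1);
    }
    free(field);
    free(f.data);
    return ret;
}
```

Without the `fields_fit` call, the 480-row container with 288-row fields would have `store_field` writing rows up to 575 into a 480-row allocation.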