[FFmpeg-devel] oggparsevorbis.c vorbis_comment: check for negative size
Attila Kinali
attila
Sun Oct 7 13:26:57 CEST 2007
On Sun, 7 Oct 2007 12:42:13 +0200
Attila Kinali <attila at kinali.ch> wrote:
> The segfault occures, because s is read from the file but only
> checked to be smaller than the limit, but not whether it is
> positive, resulting in an overflow when it is a big negative number.
>
> Patch attached
Updated patch. Missed another occurence of the same problem.
Attila Kinali
--
Linux ist... wenn man einfache Dinge auch mit einer kryptischen
post-fix Sprache loesen kann
-- Daniel Hottinger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check_negative_size.diff
Type: text/x-diff
Size: 491 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20071007/0cbed055/attachment.diff>
More information about the ffmpeg-devel
mailing list