[FFmpeg-devel] potential segfault in rle.c
Michael Niedermayer
michaelni
Thu Jul 31 13:01:33 CEST 2008
On Wed, Jul 30, 2008 at 06:42:09PM +0200, Mathieu Malaterre wrote:
> [resent from ffmpeg-users]
>
> I believe there is a potential segfault in rle.c. See attached patch.
[...]
> count = count_pixels(ptr, w-x, bpp, 0);
> + /* are we allowed to write 1 byte + count*bpp bytes ? */
> + if(out + bpp*count + 1 > outbuf + out_size) return -1;
if(out + bpp*count >= outbuf + out_size)
is simpler
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Opposition brings concord. Out of discord comes the fairest harmony.
-- Heraclitus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080731/b4aa0f66/attachment.pgp>
More information about the ffmpeg-devel
mailing list