[FFmpeg-devel] potential segfault in rle.c

Mathieu Malaterre mathieu.malaterre
Thu Jul 31 14:15:01 CEST 2008


On Thu, Jul 31, 2008 at 1:01 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Wed, Jul 30, 2008 at 06:42:09PM +0200, Mathieu Malaterre wrote:
>> [resent from ffmpeg-users]
>>
>> I believe there is a potential segfault in rle.c. See attached patch.
>
> [...]
>>              count = count_pixels(ptr, w-x, bpp, 0);
>> +            /* are we allowed to write 1 byte + count*bpp bytes ? */
>> +            if(out + bpp*count + 1 > outbuf + out_size) return -1;
>
> if(out + bpp*count >= outbuf + out_size)
>
> is simpler

done.

Thanks,
-- 
Mathieu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rle.patch2
Type: application/octet-stream
Size: 640 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080731/4da989bf/attachment.obj>



More information about the ffmpeg-devel mailing list