[FFmpeg-devel] potential segfault in rle.c

Benoit Fouet benoit.fouet
Thu Jul 31 16:53:30 CEST 2008


Michael Niedermayer wrote:
> On Thu, Jul 31, 2008 at 02:15:01PM +0200, Mathieu Malaterre wrote:
>   
>> On Thu, Jul 31, 2008 at 1:01 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
>>     
>>> On Wed, Jul 30, 2008 at 06:42:09PM +0200, Mathieu Malaterre wrote:
>>>       
>>>> [resent from ffmpeg-users]
>>>>
>>>> I believe there is a potential segfault in rle.c. See attached patch.
>>>>         
>>> [...]
>>>       
>>>>              count = count_pixels(ptr, w-x, bpp, 0);
>>>> +            /* are we allowed to write 1 byte + count*bpp bytes ? */
>>>> +            if(out + bpp*count + 1 > outbuf + out_size) return -1;
>>>>         
>>> if(out + bpp*count >= outbuf + out_size)
>>>
>>> is simpler
>>>       
>> done.
>>     
>
> ok
>
> [...]
>   
>   

applied (without the comment though)

-- 
Benoit Fouet
Purple Labs S.A.
www.purplelabs.com




More information about the ffmpeg-devel mailing list