[FFmpeg-devel] [PATCH] mingw memalign hack fix

David DeHaven dave
Thu Nov 27 01:37:39 CET 2008


>>>> +    diff = ((-(long)ptr - 1)&15) + 1;
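Review bot: the `(long)ptr` cast in `diff = ((-(long)ptr - 1)&15) + 1;` truncates the pointer on LLP64 targets (64-bit mingw has a 32-bit `long` and 64-bit pointers) and negates a signed value; cast to `uintptr_t` (from `<stdint.h>`) instead so the arithmetic is unsigned and full-width. Also note that `diff` depends on the raw block's address, so the line is only meaningful right after `malloc()`: if it is used to realign a block that `realloc()` has moved to an address needing a different `diff`, the payload still sits at the old offset, not at the new one.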
>>>
>>> intptr_t should be used instead of long.
>>
>> Agreed. I fixed av_malloc too...
>
> still exploitable, besides your code cannot work at all
> when "diff" changes the content of the buffer will not be where realign()
> requires it to be.
>
> may i suggest that you first tell us which av_realloc() call is causing
> problems, it likely should just be replaced by av_free() av_malloc()


I understand your point about exploitability...

Geez, where do I start? The H.264 and AC-3 decoders both use av_realloc'd
blocks frequently (either directly or through other calls), those have been
the two most annoying. I suppose I could track down where all the
reallocations are happening, might take some time as we're preparing for a
weekend of feasting on roasted bird :)

-Dr "tryptophan" D-
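The memalign hack and the realloc problem discussed above, as an added example that is not FFmpeg's av_malloc/av_realloc code: the raw block is over-allocated by 16 bytes, the returned pointer is bumped to the next 16-byte boundary, and the shift is stored in the byte just before the payload. The offset arithmetic is the patch's, rewritten on `uintptr_t`. `align_diff`, `aligned_malloc`, `aligned_free`, `aligned_realloc` and `demo_roundtrip` are names chosen for this example; the realloc shown goes through a fresh aligned allocation plus memcpy, which is the replacement the thread suggests, and the comments explain why realigning a block that realloc() may have moved cannot work.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ALIGN 16

/* Shift to add to a raw malloc() address to reach the next 16-byte boundary.
 * Always in 1..16, so there is room to store it in the byte before the payload.
 * Same arithmetic as the patch line, but on uintptr_t: a cast to long would
 * truncate 64-bit pointers on LLP64 targets such as 64-bit mingw. */
size_t align_diff(uintptr_t raw)
{
    return (size_t)(((-raw - 1) & (ALIGN - 1)) + 1);
}

void *aligned_malloc(size_t size)
{
    unsigned char *raw = malloc(size + ALIGN);
    if (!raw)
        return NULL;
    size_t diff = align_diff((uintptr_t)raw);
    raw[diff - 1] = (unsigned char)diff;   /* stash the shift for aligned_free */
    return raw + diff;
}

void aligned_free(void *ptr)
{
    if (ptr)
        free((unsigned char *)ptr - ((unsigned char *)ptr)[-1]);
}

/* Growing such a block must go through a new aligned allocation.
 * Handing the raw block to realloc() and then realigning cannot work:
 * if the new raw address needs a different align_diff, the old payload
 * sits at raw + old_diff while the realigned pointer is raw + new_diff. */
void *aligned_realloc(void *ptr, size_t old_size, size_t new_size)
{
    void *n = aligned_malloc(new_size);
    if (!n)
        return NULL;
    if (ptr) {
        memcpy(n, ptr, old_size < new_size ? old_size : new_size);
        aligned_free(ptr);
    }
    return n;
}

/* Returns 1 if the payload is 16-byte aligned before and after growing
 * and its contents survive the move; 0 otherwise. */
int demo_roundtrip(void)
{
    unsigned char *p = aligned_malloc(40);
    if (!p || ((uintptr_t)p & (ALIGN - 1)))
        return 0;
    for (int i = 0; i < 40; i++)
        p[i] = (unsigned char)i;            /* constructed sample payload */
    p = aligned_realloc(p, 40, 4000);
    if (!p || ((uintptr_t)p & (ALIGN - 1)))
        return 0;
    int ok = 1;
    for (int i = 0; i < 40; i++)
        ok &= (p[i] == (unsigned char)i);
    aligned_free(p);
    return ok;
}

int main(void)
{
    /* Two hypothetical raw addresses: a block moved from one to the other
     * by realloc() would need a different shift, so in-place realignment
     * would point 8 bytes away from where the old payload was copied. */
    printf("diff(0x1000)=%zu diff(0x1008)=%zu\n",
           align_diff(0x1000), align_diff(0x1008));
    printf("roundtrip %s\n", demo_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

The shift is 16 minus the raw address modulo 16, never 0, which is what lets the free routine read it back from `ptr[-1]`; the cost of the copy-based realloc is the reason the thread suggests replacing frequent av_realloc() calls with av_free()/av_malloc() pairs rather than trying to realign in place.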
