[FFmpeg-devel] [PATCH] RTSP-MS 14/15: ASF packet parsing

Ronald S. Bultje rsbultje
Fri Jul 24 22:39:30 CEST 2009


On Mon, Jul 20, 2009 at 6:16 PM, Ronald S. Bultje<rsbultje at gmail.com> wrote:
> On Mon, Jul 20, 2009 at 6:14 PM, Michael Niedermayer<michaelni at gmx.at> wrote:
>> the updated p can have any value the attacker chooses if he can make
>> len have any value and i think he can but maybe i miss something ...
> Ah, integer overflows, of course. Will fix.

See attached, I added a if (end < p) return; at the top, that ensures
that any access to p is within range and doesn't overflow.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtsp-ms-parse-asf-payload.patch
Type: text/x-diff
Size: 9065 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090724/d37ded8f/attachment.patch>

More information about the ffmpeg-devel mailing list