[FFmpeg-devel] [PATCH] prevent buffer overflow with large a/mulaw frames

Peter Ross pross
Sun Jul 26 07:32:59 CEST 2009

On Sat, Jul 25, 2009 at 09:42:52PM -0700, Baptiste Coudurier wrote:
> Hi Peter,
> On 07/25/2009 09:19 PM, Peter Ross wrote:
>> Hi,
>> This patch prevents alaw/mulaw decoders from writing beyond the output buffer.

> I think output buffer size is stored in *data_size.
> Code should check against this, but it seems it is already. Is the check  
> wrong ?
> Code is:
>     buf_size= FFMIN(buf_size, *data_size/2);
>     *data_size=0;
>     n = buf_size/sample_size;

You are correct, the bug actually exists in the *encoder* where there is no
such constraint on n. Updated patch enclosed.

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pcm-mulaw-overflow2.diff
Type: text/x-diff
Size: 428 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090726/939cfb7d/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090726/939cfb7d/attachment.pgp>

More information about the ffmpeg-devel mailing list