[FFmpeg-devel] [PATCH] pnm parser crashes on corrupted frames

Reimar Döffinger Reimar.Doeffinger
Sat Mar 27 22:28:42 CET 2010


On Sat, Mar 27, 2010 at 02:16:13PM -0700, Howard Chu wrote:
> While using gource http://code.google.com/p/gource/ to generate a
> movie it looks like occasionally some corrupted frames get spit out,
> and these can cause ffmpeg to SEGV. This simple patch avoids one of
> the crash situations.
> -- 
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/

> Index: libavcodec/pnm.c
> ===================================================================
> --- libavcodec/pnm.c	(revision 22688)
> +++ libavcodec/pnm.c	(working copy)
> @@ -134,6 +134,8 @@
>          return -1;
>      pnm_get(s, buf1, sizeof(buf1));
>      avctx->height = atoi(buf1);
> +    if (avctx->height <= 0)
> +        return -1;
>      if(avcodec_check_dimensions(avctx, avctx->width, avctx->height))
>          return -1;

Having another dimension check in addition to avcodec_check_dimensions
definitely is not acceptable!
What exactly is the issue?



More information about the ffmpeg-devel mailing list