[FFmpeg-devel] [PATCH] dvbsubdec: check against buffer overreads

Reimar Döffinger Reimar.Doeffinger
Thu Feb 10 20:41:50 CET 2011


On Thu, Feb 10, 2011 at 06:58:25PM +0100, Janne Grunau wrote:
> On Thu, Feb 10, 2011 at 12:39:39PM +0000, Måns Rullgård wrote:
> @@ -1423,13 +1423,15 @@ static int dvbsub_decode(AVCodecContext *avctx,
>  
>  #endif
>  
> -    if (buf_size <= 2 || *buf != 0x0f)
> +    if (buf_size <= 6 || *buf != 0x0f) {
> +        av_dlog(avctx, "incomplete or broken packet");
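
Review bot: the message string in the added av_dlog call has no trailing newline, so in a debug build it runs into whatever is logged next; it should read "incomplete or broken packet\n". av_dlog also produces output only in debug builds, so a normal build rejects the packet on this path without reporting anything; av_log at a warning or error level would make the rejection visible.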

I think it would be more consistent to use av_log in both cases,
most codecs print a message after such "fatal" errors.

> -    while (p < p_end && *p == 0x0f) {
> +    while (p_end - p >= 6 && *p == 0x0f) {
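
Review bot: the entry check and this loop condition disagree at exactly six bytes: `buf_size <= 6` rejects a six-byte buffer, while `p_end - p >= 6` accepts six remaining bytes. If p starts at buf and p_end is buf + buf_size (not shown in the quoted lines), the entry check is stricter than the loop needs. Settle on one bound and put the 6 behind a named constant or a comment stating which bytes it covers, so the two checks stay in sync.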

Just to be pedantic: while this is nicer, thanks to required padding
your original version could not overflow, so wasn't actually wrong.
But it's ok either way.


