[FFmpeg-devel] [FFmpeg-commits] targa: fix potential buffer overreads

Reimar Döffinger Reimar.Doeffinger
Mon Feb 21 19:33:38 CET 2011


On Fri, Feb 18, 2011 at 05:16:34PM -0500, Ronald S. Bultje wrote:
> On Fri, Feb 18, 2011 at 10:09 AM, Jean-Daniel Dupas <git at ffmpeg.org> wrote:
> > -static void targa_decode_rle(AVCodecContext *avctx, TargaContext *s, const uint8_t *src, uint8_t *dst, int w, int h, int stride, int bpp)
> > +#define CHECK_BUFFER_SIZE(buf, buf_end, needed, where) \
> > + ? ?if(buf + needed > buf_end){ \
> > + ? ? ? ?av_log(avctx, AV_LOG_ERROR, "Problem: unexpected end of data while reading " where "\n"); \
> > + ? ? ? ?return -1; \
> > + ? ?} \
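Review bot: the bounds test in CHECK_BUFFER_SIZE, `if(buf + needed > buf_end)`, forms the pointer sum before comparing it. If `needed` is larger than the space left in the buffer, `buf + needed` points past the end of the object, which is undefined behaviour in C and can wrap so that the check passes and the read goes ahead. Compare the requested size against the remaining length instead: `if(needed > buf_end - buf)`. That holds as long as `buf <= buf_end`, and the subtraction cannot overflow. Separately, the macro relies on an `avctx` being in scope and does `return -1` from the enclosing function, while the removed `targa_decode_rle` line is declared `static void`. Every function that uses the macro needs an int return type, and its callers need to check the result. A short comment on the macro stating both requirements would help.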
> 
> Didn't Reimar just say this should be needed > buf_end - buf to
> prevent overflows? This looks wrong.

This still isn't fixed.


