[FFmpeg-devel] [PATCH] fli with invalid frame size overreads buffer (issue 2520)

Daniel Kang daniel.d.kang
Mon Jan 10 06:27:41 CET 2011


On Sun, Jan 9, 2011 at 8:18 PM, Michael Niedermayer <michaelni at gmx.at> wrote:

>  On Sun, Jan 09, 2011 at 03:48:39PM -0500, Daniel Kang wrote:
> > ffmpeg does not check for overreads in fli decoding. This is probably
> > because it is difficult to determine how much the decoding will read in,
> > due to the large number of cases. The patch attached adds a check for
> > this.
>
> >  flicvideo.c |    4 ++++
> >  1 file changed, 4 insertions(+)
> > 7c1cb423fa786e1c29e37df538dc3daad4b6603a  fli_overread_check.diff
> > From 294ac5d1681f8cbd6575eab1dc52e9170ae2d296 Mon Sep 17 00:00:00 2001
> > From: Daniel Kang <daniel.d.kang at gmail.com>
> > Date: Sun, 9 Jan 2011 15:26:29 -0500
> > Subject: [PATCH] Add check for fli files
>
> This looks quite insufficient


My idea was that the buffer padding will take care of small overreads,
but I think you are right. Should I instead put in checks for each case?
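
An added example, not part of the original message and not FFmpeg's code: a run-length decoder that checks every read against the remaining input, which shows why a few bytes of padding cannot bound an overread when a packet declares its own length. The packet format, `Reader`, `rd_u8` and `decode_runs` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical bounded reader: tracks how many input bytes remain. */
typedef struct { const uint8_t *p; size_t left; } Reader;

static int rd_u8(Reader *r, uint8_t *v) {
    if (r->left < 1) return -1;
    *v = *r->p++;
    r->left--;
    return 0;
}

/* Decode a simplified run-length stream (constructed format, not FLI itself).
 * Each packet starts with a signed count byte n:
 *   n > 0: repeat the next byte n times;  n < 0: copy the next -n bytes.
 * Returns bytes written, or -1 on truncated input or output overflow. */
int decode_runs(const uint8_t *in, size_t in_size, uint8_t *out, size_t out_size) {
    Reader r = { in, in_size };
    size_t w = 0;
    uint8_t b;
    while (w < out_size) {
        if (rd_u8(&r, &b) < 0) return -1;
        int n = (int8_t)b;
        if (n == 0) return -1;                    /* no progress: reject */
        size_t len = (size_t)(n > 0 ? n : -n);
        if (len > out_size - w) return -1;        /* output bound */
        if (n > 0) {
            if (rd_u8(&r, &b) < 0) return -1;     /* check for the run case */
            memset(out + w, b, len);
        } else {
            if (len > r.left) return -1;          /* check for the literal case */
            memcpy(out + w, r.p, len);
            r.p += len;
            r.left -= len;
        }
        w += len;
    }
    return (int)w;
}

/* Constructed inputs: a valid stream, and one whose last packet claims
 * 100 literal bytes that are not present (far more than a few padding bytes). */
static const uint8_t ok_in[]  = { 0x03, 0xAA, 0xFE, 0x01, 0x02 };
static const uint8_t bad_in[] = { 0x03, 0xAA, 0x9C };

int demo_ok(void)  { uint8_t o[5];   return decode_runs(ok_in, sizeof ok_in, o, sizeof o); }
int demo_bad(void) { uint8_t o[200]; return decode_runs(bad_in, sizeof bad_in, o, sizeof o); }
```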


