[FFmpeg-devel] [PATCH 3/3] Check for out of bound writes when building tree in bink decoder.
Michael Niedermayer
michaelni at gmx.at
Tue Sep 27 03:43:18 CEST 2011
On Tue, Sep 27, 2011 at 01:02:17AM +0200, fenrir at elivagar.org wrote:
> From: Laurent Aimar <fenrir at videolan.org>
>
> ---
> libavcodec/bink.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libavcodec/bink.c b/libavcodec/bink.c
> index 6447c96..e358772 100644
> --- a/libavcodec/bink.c
> +++ b/libavcodec/bink.c
> @@ -247,7 +247,7 @@ static void read_tree(GetBitContext *gb, Tree *tree)
> tree->syms[i] = get_bits(gb, 4);
> tmp1[tree->syms[i]] = 1;
> }
> - for (i = 0; i < 16; i++)
> + for (i = 0; i < 16 && len < 16 - 1; i++)
> if (!tmp1[i])
applied, though i suspect that 2 identical syms is an error condition
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110927/d54e28a8/attachment.asc>
More information about the ffmpeg-devel
mailing list