[FFmpeg-devel] [libav-devel] [PATCH] vp8: Fix off by one allocation leading to oob read/write.

Sean McGovern gseanmcg at gmail.com
Thu Apr 12 03:25:39 CEST 2012


On Wednesday, April 11, 2012, Jason Garrett-Glaser <jason at x264.com> wrote:
> On Wed, Apr 11, 2012 at 6:14 PM,  <dalecurtis at chromium.org> wrote:
>> From: Dale Curtis <dalecurtis at chromium.org>
>>
>> It's possible this is due to an incorrect calculation elsewhere,
>> but my expertise ran out.
>
> How can this be right?  top_nnz is only accessed as top_nnz[mb_x], and
> mb_x must be < s->mb_width.

Does this condition only happen on crafted files?

-- Sean McG.

