[FFmpeg-devel] [PATCH] vp3: Fix out of bounds write.

Dale Curtis dalecurtis at chromium.org
Fri Apr 13 00:47:46 CEST 2012


After digging on this today, the issue does not reproduce on master. It was
previously seen with a corrupted ogg file. I'll upload a new patch shortly
with the recommended av_assert0() in it.

- dale

On Thu, Apr 12, 2012 at 11:24 AM, Reimar Döffinger <Reimar.Doeffinger at gmx.de> wrote:

> On Thu, Apr 12, 2012 at 12:21:24PM +0200, Michael Niedermayer wrote:
> > On Wed, Apr 11, 2012 at 06:09:51PM -0700, dalecurtis at chromium.org wrote:
> > > From: Dale Curtis <dalecurtis at chromium.org>
> > >
> > > On corrupt or malicious files, filter_limit can be >= 128 leading
> > > to an out of bounds write.
> >
> > how can filter_limit become >= 128 ?
>
> I see absolutely no way. But even if there was, its value should
> be clamped (or even faster just & 127) but certainly not a condition
> be added inside the loop.
>
> > if this can't be reproduced anymore, adding an av_assert0(<128)
> > would make sense just to be sure.
>
> That seems reasonable, after it is at most called once per frame
> so such a check wouldn't hurt.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
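
An added illustration, not part of the thread and not FFmpeg's vp3 code: the three options discussed above (reject as an assert would, clamp, `& 127`) applied once before the loop rather than inside it. The 255-entry table, `fill_table`, `sanitise_limit`, `limit_ok` and the policy names are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LIMIT 127                   /* assumed largest valid limit */
#define TABLE_LEN (2 * MAX_LIMIT + 1)   /* constructed table: indices -127..127 */

enum policy { REJECT, CLAMP, MASK };

/* One unsigned compare rejects negative values as well as values >= 128. */
static int limit_ok(int limit) { return (unsigned)limit < 128U; }

/* Sanitise the untrusted limit once, before the loop.
 * Returns the limit to use, or -1 when it is invalid and the policy is REJECT. */
static int sanitise_limit(int limit, enum policy p)
{
    if (limit_ok(limit))
        return limit;
    switch (p) {
    case CLAMP: return limit < 0 ? 0 : MAX_LIMIT;
    case MASK:  return limit & 127;  /* in range, but wraps: 130 becomes 2 */
    default:    return -1;           /* the point where av_assert0() would abort */
    }
}

/* Fill the table symmetrically around its centre, with no check inside the loop.
 * Returns the highest offset written, or -1 if the limit was rejected. */
static int fill_table(int table[TABLE_LEN], int limit, enum policy p)
{
    int *centre = table + MAX_LIMIT;
    int x, lim = sanitise_limit(limit, p);

    if (lim < 0)
        return -1;
    memset(table, 0, TABLE_LEN * sizeof(*table));
    for (x = 0; x <= lim; x++) {
        centre[x]  = x;
        centre[-x] = -x;
    }
    return lim;
}

int main(void)
{
    int table[TABLE_LEN];
    printf("reject=%d clamp=%d mask=%d\n", fill_table(table, 130, REJECT),
           fill_table(table, 130, CLAMP), fill_table(table, 130, MASK));
    return 0;
}
```

Clamping and masking both keep every write in bounds, but masking maps 130 to 2, so a corrupt input silently produces a different table instead of an error.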

