[FFmpeg-devel] [PATCH] ogg: Fix OOB write during ogg_read_seek()
Michael Niedermayer
michaelni at gmx.at
Tue Apr 17 05:00:41 CEST 2012
On Mon, Apr 16, 2012 at 01:57:21PM -0700, dalecurtis at chromium.org wrote:
> From: Dale Curtis <dalecurtis at chromium.org>
>
> Prevents an OOB write of size 4 when ogg_read_seek is called with
> a stream_index >= ogg->nstreams.
>
> In this case s->nb_streams == 3, yet ogg->nstreams == 1 and
> stream_index == 1; causing os->keyframe_seek = 1 to write OOB.
>
> Test case available on request.
i tried both valgrind and address sanitizer, neither shows anything
invalid with
./ffmpeg_g -i oob-write.ogv -f null -
maybe reimar could take a look at the patch, iam a bit tired and
need to sleep a few hours ...
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120417/e8206a13/attachment.asc>
More information about the ffmpeg-devel
mailing list