[FFmpeg-devel] [PATCH] lavu/mem: fix potential int overflow and crash in av_dynarray_add()
Stefano Sabatini
stefasab at gmail.com
Sat May 4 16:03:02 CEST 2013
On date Saturday 2013-04-27 19:40:46 +0200, Stefano Sabatini encoded:
> On date Friday 2013-04-26 02:58:05 +0200, Michael Niedermayer encoded:
> > On Thu, Apr 25, 2013 at 12:36:21AM +0200, Stefano Sabatini wrote:
> [...]
> > > --- a/libavutil/mem.h
> > > +++ b/libavutil/mem.h
> > > @@ -197,7 +197,8 @@ void av_freep(void *ptr);
> > > *
> > > * In case of success, the pointer to the array is updated in order to
> > > * contain the new growed array, and the number pointed to by nb_ptr
> > > - * is incremented.
> > > + * is incremented. In case of failure, the array is not modified and
> > > + * *nb_ptr is not updated.
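Review bot: the added sentence "In case of failure, the array is not modified and *nb_ptr is not updated" leaves the caller without a documented way to notice the failure. Since the success paragraph says the number pointed to by nb_ptr is incremented, the comment could state explicitly that a caller detects failure by comparing *nb_ptr before and after the call, or the failure could be reported through a more direct signal. While this comment block is being edited, "growed" in the unchanged line above could become "grown".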
> >
> > how could a user detect an error, also existing code that does not
> > check could misbehave in a worse way than before
>
> Well I could simply dealloc and set array and nb_ptr to 0. This would
> avoid a crash in the function (but not prevent the crash in the
> application).
> --
> FFmpeg = Freak Furious Majestic Powerful Elected Gladiator
> From 6ffd4a05a18e0e68742e6fda4c40e13a7de7a459 Mon Sep 17 00:00:00 2001
> From: Stefano Sabatini <stefasab at gmail.com>
> Date: Thu, 25 Apr 2013 00:27:46 +0200
> Subject: [PATCH] lavu/mem: fix potential int overflow and crash in
> av_dynarray_add()
>
> Also extend documentation accordingly.
> ---
> libavutil/mem.c | 14 ++++++++++++--
> libavutil/mem.h | 2 ++
> 2 files changed, 14 insertions(+), 2 deletions(-)
Ping.
--
FFmpeg = Faithful and Fantastic Meaningless Problematic Elitist Guru
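The failure contract debated in this thread (array and count left untouched on failure, and the question of how a caller would notice), as an added C example that is neither FFmpeg's code nor the patch under review. `model_add`, `add_checked` and the doubling growth policy are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model, not FFmpeg code: append elem to the pointer array
 * *tab holding *nb entries. Capacity is assumed to double each time *nb
 * is 0 or a power of two. On failure neither *tab nor *nb is modified. */
static void model_add(void ***tab, int *nb, void *elem)
{
    int n = *nb;
    void **arr = *tab;

    if (n < 0 || n == INT_MAX)
        return;                       /* n + 1 would overflow int */
    if ((n & (n - 1)) == 0) {         /* array is full: grow it */
        size_t cap = n ? (size_t)n * 2 : 1;
        if (cap > (size_t)INT_MAX || cap > SIZE_MAX / sizeof(*arr))
            return;                   /* count or byte size would overflow */
        arr = realloc(*tab, cap * sizeof(*arr));
        if (!arr)
            return;                   /* old block is still valid */
    }
    arr[n] = elem;
    *tab = arr;
    *nb  = n + 1;
}

/* Caller-side check: with a void append, the only failure signal under
 * this contract is that the count did not change. */
static int add_checked(void ***tab, int *nb, void *elem)
{
    int before = *nb;
    model_add(tab, nb, elem);
    return *nb != before ? 0 : -1;
}

int main(void)
{
    void **tab = NULL;
    int nb = 0, x = 42, huge = 1 << 30;     /* constructed sample values */
    void *slot[1] = { &x }, **big = slot;   /* never resized: check fails first */
    int ok  = add_checked(&tab, &nb, &x);
    int bad = add_checked(&big, &huge, &x);
    printf("append: %d (count %d), overflowing append: %d\n", ok, nb, bad);
    free(tab);
    return 0;
}
```

A caller that skips the comparison in `add_checked` silently loses the element, which is the concern raised in the review about existing code that does not check.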