[FFmpeg-devel] [PATCH] apedec: ensure blockstodecode is large enough
michaelni at gmx.at
Tue Apr 28 03:18:01 CEST 2015
On Mon, Apr 27, 2015 at 11:56:15PM +0200, Andreas Cadhalpun wrote:
> s->decoded_buffer is allocated with a min_size of:
> 2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
> Then it is assigned to s->decoded, which is passed as out buffer to
> In this function 64 elements of the out buffer are written
> unconditionally and outside the array if blockstodecode is too small.
> This causes memory corruption, leading to segmentation faults or other crashes.
> Thus check that FFALIGN(blockstodecode, 8) is at least 32, i.e. the
> decoded_buffer has at least 64 components.
The stereo case would need a check against 64, I think.
Also, if this is specific to decode_array_0000(), then the others
should not fail with a short array,
or decode_array_0000() could be made to just write less or error.
Michael
GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Old school: Use the lowest level language in which you can solve the problem
New school: Use the highest level language in which the latest supercomputer
can solve the problem without the user falling asleep waiting.
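The mono/stereo distinction raised in the reply, worked through as an added example. This is not the patch under discussion nor FFmpeg's code: it models decoded_buffer as 2 * FFALIGN(blockstodecode, 8) elements (as the quoted message states) and assumes, as a stated layout assumption, that in the stereo case the second channel starts at offset FFALIGN(blockstodecode, 8), so each channel owns only half the buffer. With a routine that unconditionally writes 64 samples per channel, the mono case needs FFALIGN(blockstodecode, 8) >= 32 while stereo needs >= 64; the constants, the helper names and the simulated decoder are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* FFmpeg's FFALIGN macro: round x up to a multiple of a (a is a power of two). */
#define FFALIGN(x, a) (((x) + (a) - 1) & ~((a) - 1))

/* Assumption for this example: the decode routine writes this many samples
 * per channel unconditionally, regardless of blockstodecode. */
#define DECODE_MIN_WRITE 64

/* Samples available to one channel under the assumed layout:
 * mono owns the whole buffer (2 * aligned), stereo splits it in half. */
static int channel_capacity(int blockstodecode, int channels)
{
    int aligned = FFALIGN(blockstodecode, 8);
    return channels == 1 ? 2 * aligned : aligned;
}

/* The check discussed in the thread, extended to the channel count.
 * Returns 1 if the unconditional writes fit, 0 if they would overflow. */
static int blockstodecode_ok(int blockstodecode, int channels)
{
    if (blockstodecode <= 0 || channels < 1 || channels > 2)
        return 0;
    return channel_capacity(blockstodecode, channels) >= DECODE_MIN_WRITE;
}

/* Smallest FFALIGN(blockstodecode, 8) that passes the check: 32 for mono, 64 for stereo. */
static int min_aligned_blocks(int channels)
{
    return channels == 1 ? DECODE_MIN_WRITE / 2 : DECODE_MIN_WRITE;
}

/* Hypothetical stand-in for the decoder: refuses to write when the caller's
 * capacity is too small instead of running past the end of out[]. */
static int decode_into(int32_t *out, int capacity)
{
    if (capacity < DECODE_MIN_WRITE)
        return -1;
    for (int i = 0; i < DECODE_MIN_WRITE; i++)
        out[i] = i;
    return DECODE_MIN_WRITE;
}

/* Allocate the buffer exactly as the quoted message describes, lay out the
 * channel pointers under the assumed split, and decode each channel.
 * Returns the total samples written, or -1 if any channel was refused. */
static int simulate(int blockstodecode, int channels)
{
    int aligned = FFALIGN(blockstodecode, 8);
    size_t n = 2 * (size_t)aligned;
    int32_t *buf = calloc(n, sizeof(*buf));
    if (!buf)
        return -1;
    int32_t *decoded[2] = { buf, buf + aligned };
    int total = 0;
    for (int ch = 0; ch < channels; ch++) {
        int r = decode_into(decoded[ch], channel_capacity(blockstodecode, channels));
        if (r < 0) {
            free(buf);
            return -1;
        }
        total += r;
    }
    free(buf);
    return total;
}

int main(void)
{
    int cases[][2] = { {24, 1}, {32, 1}, {32, 2}, {57, 2}, {64, 2} };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int bs = cases[i][0], ch = cases[i][1];
        printf("blockstodecode=%d channels=%d aligned=%d ok=%d written=%d\n",
               bs, ch, FFALIGN(bs, 8), blockstodecode_ok(bs, ch), simulate(bs, ch));
    }
    return 0;
}
```

The point of the example is that a check written for the mono layout (aligned >= 32) still lets a stereo stream reach decode_into() with only 32 samples of room per channel, which is the case the reply says needs a check against 64.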