[FFmpeg-devel] [libav-devel] [PATCH] exr: fix out of bounds read in get_code
andreas.cadhalpun at googlemail.com
Mon Dec 14 23:50:03 CET 2015
On 14.12.2015 22:37, Luca Barbato wrote:
> On 13/12/15 23:37, Andreas Cadhalpun wrote:
>> This macro unconditionally used out[-1], which causes an out of bounds
>> read, if out is the very beginning of the buffer.
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> libavcodec/exr.c | 10 +++++-----
>> 1 file changed, 5 insertions(+), 5 deletions(-)
> When is it happening?
When get_code is called for the first time, out is the beginning of the buffer.
If then the 'po == rlc' branch is used, 's = out[-1]' is invalid.
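The condition described in this thread, as an added example that is not part of the original post and is not FFmpeg's code: a simplified run-length decoder in which a run marker repeats the previously written value, with a guard that rejects a run arriving before anything has been written. The names `po`, `out` and `s` follow the message; the symbol format, `RLC_SYMBOL`, `rle_decode`, `demo3` and the remaining names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RLC_SYMBOL 0xFFFFu /* constructed run marker, not EXR's real value */

/* Decode n symbols into out[0..cap). RLC_SYMBOL is followed by a count and
 * means "repeat the previously written value count times".
 * Returns the number of values written, or -1 on malformed input. */
long rle_decode(const uint16_t *in, size_t n, uint16_t *out, size_t cap)
{
    uint16_t *const outb = out;     /* beginning of the output buffer */
    uint16_t *const oe = out + cap; /* one past its end */
    size_t i = 0;

    while (i < n) {
        uint16_t po = in[i++];
        if (po == RLC_SYMBOL) {
            if (i >= n)
                return -1;          /* run marker without a count */
            size_t cs = in[i++];
            if (out == outb)
                return -1;          /* nothing written yet: out[-1] is invalid */
            if (cs > (size_t)(oe - out))
                return -1;          /* run would overflow the output */
            uint16_t s = out[-1];
            while (cs-- > 0)
                *out++ = s;
        } else if (out < oe) {
            *out++ = po;
        } else {
            return -1;              /* literal would overflow the output */
        }
    }
    return (long)(out - outb);
}

/* Decode a constructed three-symbol stream into an 8-slot buffer. */
long demo3(uint16_t a, uint16_t b, uint16_t c)
{
    const uint16_t in[3] = { a, b, c };
    uint16_t out[8];
    return rle_decode(in, 3, out, 8);
}

int main(void)
{
    printf("run first: %ld\n", demo3(RLC_SYMBOL, 3, 7)); /* rejected */
    printf("literal, run: %ld\n", demo3(7, RLC_SYMBOL, 3));
    return 0;
}
```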