[FFmpeg-devel] [PATCH 3/3] ffmdec: change type of len to ptrdiff_t

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sat Jan 2 17:13:38 CET 2016


On 02.01.2016 16:59, Nicolas George wrote:
> Le tridi 13 nivôse, an CCXXIV, Andreas Cadhalpun a écrit :
>> It is used to store the difference between pointers, so ptrdiff_t is the
>> correct type.
>>
>> This prevents potential overflows.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavformat/ffmdec.c | 5 +++--
>>  1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
>> index 3162354..f4f8144 100644
>> --- a/libavformat/ffmdec.c
>> +++ b/libavformat/ffmdec.c
>> @@ -36,7 +36,7 @@ static int ffm_is_avail_data(AVFormatContext *s, int size)
>>  {
>>      FFMContext *ffm = s->priv_data;
>>      int64_t pos, avail_size;
>> -    int len;
>> +    ptrdiff_t len;
>>  
>>      len = ffm->packet_end - ffm->packet_ptr;
>>      if (size <= len)
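Review bot: `ptrdiff_t len;` in ffm_is_avail_data() relies on `<stddef.h>`, and neither hunk adds that include (the diffstat lists only the three changed declaration lines), so the file now depends on some other header providing the type. Adding `#include <stddef.h>` in this patch would make that explicit. The `size <= len` comparison needs no change: both operands are signed, so the usual arithmetic conversions do not alter either value.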
>> @@ -87,7 +87,8 @@ static int ffm_read_data(AVFormatContext *s,
>>  {
>>      FFMContext *ffm = s->priv_data;
>>      AVIOContext *pb = s->pb;
>> -    int len, fill_size, size1, frame_offset, id;
>> +    int fill_size, size1, frame_offset, id;
>> +    ptrdiff_t len;
>>      int64_t last_pos = -1;
>>  
>>      size1 = size;
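Review bot: In ffm_read_data(), `len` becomes ptrdiff_t while `fill_size`, `size1`, `frame_offset` and `id` stay int, and the hunk does not show how `len` is used further down. Any later statement that assigns `len` to one of those ints or passes it to an int parameter would narrow it again and reintroduce the truncation the commit message wants to prevent. Please check those uses (clamping `len` to `size` before it is used as a length would be enough) and say in the commit message that they were audited.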
> 
> Should not be needed: the only place where packet_end becomes different from
> packet_ptr is this:
> 
> 	ffm->packet_end = ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - fill_size);
> 
> and ffm->packet_size is int (OTOH, this particular bit of pointer arithmetic
> should probably check packet_size beforehand).

Nonetheless it is better to use the correct type.
And without patch one of this series, the overflow is actually possible.

Happy new year,
Andreas
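
The two points raised in this thread, checking the size fields before the pointer arithmetic and keeping the pointer difference in `ptrdiff_t`, shown together as an added example that is not part of the original thread or of FFmpeg's code. `PacketState`, `set_packet_end`, `bytes_left`, `is_avail`, `HDR_SIZE` and `BUF_SIZE` are hypothetical names and constructed values chosen for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 14   /* constructed value standing in for FFM_HEADER_SIZE */
#define BUF_SIZE 4096 /* assumed capacity of the payload buffer */

typedef struct {      /* hypothetical stand-in for the demuxer context */
    uint8_t  packet[BUF_SIZE];
    uint8_t *packet_ptr, *packet_end;
    int      packet_size;
} PacketState;

/* Validate the int fields first, then do the pointer arithmetic. 0 or -1. */
static int set_packet_end(PacketState *st, int fill_size)
{
    if (st->packet_size < HDR_SIZE || st->packet_size - HDR_SIZE > BUF_SIZE)
        return -1;                       /* payload would not fit the buffer */
    int payload = st->packet_size - HDR_SIZE;
    if (fill_size < 0 || fill_size > payload)
        return -1;                       /* end pointer would leave the buffer */
    st->packet_ptr = st->packet;
    st->packet_end = st->packet + (payload - fill_size);
    return 0;
}

/* Unread bytes, kept in the type a pointer subtraction yields. */
static ptrdiff_t bytes_left(const PacketState *st)
{
    return st->packet_end - st->packet_ptr;
}

/* 1 if `size` bytes can be served from the current packet, else 0. */
static int is_avail(const PacketState *st, int size)
{
    return size >= 0 && size <= bytes_left(st);
}

int main(void)
{
    PacketState st = {0};
    st.packet_size = INT_MAX;            /* untrusted size field from the file */
    printf("INT_MAX accepted: %d\n", set_packet_end(&st, 0) == 0);
    st.packet_size = 4096;
    printf("4096/96 accepted: %d\n", set_packet_end(&st, 96) == 0);
    printf("left=%td avail(3986)=%d avail(3987)=%d\n",
           bytes_left(&st), is_avail(&st, 3986), is_avail(&st, 3987));
    return 0;
}
```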


