[FFmpeg-devel] [PATCH]lavc/bmp: Avoid a heap buffer overwrite for 1bpp

Michael Niedermayer michael at niedermayer.cc
Tue Mar 26 21:51:06 EET 2019


On Tue, Mar 26, 2019 at 01:38:14PM +0100, Carl Eugen Hoyos wrote:
> Hi!
> 
> Attached patch intends to fix a buffer overwrite reported today.
> 
> Please comment, Carl Eugen

>  bmp.c |    5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> ab9b89481fc3c93d4a631fb1d6b25dddbdd4bb50  0001-lavc-bmp-Avoid-a-heap-buffer-overwrite-for-1bpp-inpu.patch
> From bd0dfa740f879eca6b13bb841e3b8d37718460ea Mon Sep 17 00:00:00 2001
> From: Carl Eugen Hoyos <ceffmpeg at gmail.com>
> Date: Tue, 26 Mar 2019 13:32:11 +0100
> Subject: [PATCH] lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.
> 
> Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon
> of the Information Security Lab, Yonsei University.
> ---
>  libavcodec/bmp.c |    5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)

LGTM

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20190326/8465dd55/attachment.sig>


More information about the ffmpeg-devel mailing list