[FFmpeg-devel] [PATCH]lavc/bmp: Avoid a heap buffer overwrite for 1bpp

Tomas Härdin tjoppen at acc.umu.se
Wed Mar 27 11:37:05 EET 2019


On Tue 2019-03-26 at 13:38 +0100, Carl Eugen Hoyos wrote:
> Hi!
> 
> Attached patch intends to fix a buffer overwrite reported today.

Funny, I was looking at this code a few weeks ago as a good candidate
for some static analysis/formal verification.

> ptr[avctx->width - (avctx->width & 7) + j] = buf[avctx->width >> 3] >> (7 - j) & 1;
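
Review bot: on the quoted line the loop limit for `j` is not visible, and the write index `avctx->width - (avctx->width & 7) + j` stays below `avctx->width` only if `j < (avctx->width & 7)`. Since this patch fixes an overwrite, that bound deserves a short comment at the loop. The base offset and the byte `buf[avctx->width >> 3]` do not change with `j`, so hoisting both into locals before the loop would make the bound easier to audit.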

An extra pair of parentheses around the right-hand side would be
prudent:

  (buf[avctx->width >> 3] >> (7 - j)) & 1

/Tomas

