On Tue, Oct 11, 2016 at 11:16:48AM +0200, Michael Niedermayer wrote:
> On Tue, Oct 11, 2016 at 10:06:54AM +0200, Carl Eugen Hoyos wrote:
> > 2016-09-05 11:12 GMT+02:00 Carl Eugen Hoyos <ceffm...@gmail.com>:
> > > 2016-09-05 10:26 GMT+02:00 Paul B Mahol <one...@gmail.com>:
> > >> On 9/5/16, Carl Eugen Hoyos <ceffm...@gmail.com> wrote:
> > >
> > >>> New patch attached.
> > >>
> > >> It seems this patch disables check for all cases when experimental is
> > >> enabled,
> > >> but check for overflow in only one case.
> > >
> > > I am not sure I understand:
> > > Do you mean I missed a case where an overflow is now (after the patch)
> > > possible (but wasn't before) or do you mean there are formats after the
> > > patch that allow truncation and formats that do not allow it?
> >
> > Ping.
>
> I didn't look at the code but from the diff it seems what was
> meant was that bytestream + n could point outside the array
> that is indeed (surprising to many) undefined, you don't need to do
> bytestream[n]

I just stumbled across this again
the correct way to check for the end (overflow wise) is
if (n > s->bytestream_end - s->bytestream) ...

also ptr[] should be memset (probably to 0) when there is no more input

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Dictatorship: All citizens are under surveillance, all their steps and
actions recorded, for the politicians to enforce control.
Democracy: All politicians are under surveillance, all their steps and
actions recorded, for the citizens to enforce control.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
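
The end-of-input check and zero-fill described in the message above, as an added example that is not part of the original thread and is not FFmpeg's code. The `Reader` struct, `read_bytes`, the demo helper, and the choice to keep partial data on truncated input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reader context; field names follow the check quoted above. */
typedef struct {
    const uint8_t *bytestream;      /* next unread byte */
    const uint8_t *bytestream_end;  /* one past the last valid byte */
} Reader;

/*
 * Fill ptr[0..n-1] from the input; returns how many bytes came from it.
 * Writing the test as `s->bytestream + n > s->bytestream_end` would form a
 * pointer outside the array when n is too large, which is undefined
 * behaviour even if it is never dereferenced. Comparing n with the
 * remaining length only subtracts two valid pointers.
 */
static size_t read_bytes(Reader *s, uint8_t *ptr, size_t n)
{
    size_t left = (size_t)(s->bytestream_end - s->bytestream);
    size_t take = n;

    if (n > left) {                       /* truncated input */
        take = left;                      /* assumption: keep partial data */
        memset(ptr + take, 0, n - take);  /* zero what input cannot fill */
    }
    if (take)
        memcpy(ptr, s->bytestream, take);
    s->bytestream += take;                /* never passes bytestream_end */
    return take;
}

static uint8_t demo_row2[4];

/* Constructed sample: 6 input bytes, two 4-byte rows requested. */
static int demo_truncated(void)
{
    static const uint8_t input[6] = { 1, 2, 3, 4, 5, 6 };
    Reader s = { input, input + sizeof(input) };
    uint8_t row1[4];

    memset(demo_row2, 0xAA, sizeof(demo_row2));  /* stale data to overwrite */
    if (read_bytes(&s, row1, sizeof(row1)) != 4)
        return -1;
    return (int)read_bytes(&s, demo_row2, sizeof(demo_row2));  /* 2 left */
}

int main(void) { return demo_truncated() == 2 ? 0 : 1; }
```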