Hi Zhentan,
On Wed, Mar 10, 2010 at 10:42 AM, spyfeng <[email protected]> wrote:
> + /* read packet size */
> + if (end - p > sizeof(ff_asf_guid) * 2 + 64) {
> + mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
> + return 0;
> + }
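Review bot: The bounds check on the first line of this hunk is 4 bytes short for the AV_RL32() read that follows it. The read covers offsets sizeof(ff_asf_guid) * 2 + 64 through sizeof(ff_asf_guid) * 2 + 67 from p, but the condition only guarantees that end - p is greater than sizeof(ff_asf_guid) * 2 + 64, so up to 3 bytes past end can be read on a short header. Test against the end of the field instead, for example `end - p >= sizeof(ff_asf_guid) * 2 + 68`. Separately, sizeof makes the right-hand side unsigned, so if end and p are pointers and p can ever be past end, the negative difference converts to a large unsigned value and the check passes; a cast of the right-hand side to a signed type would cover that case. The hunk also does not show what happens when the check fails, so it is worth confirming that the short-header path returns an error rather than leaving asf_packet_len unset.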
I actually made a mistake here; this is a potential buffer overread.
The top line should be:
[..]
if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
[..]
Ronald
_______________________________________________
FFmpeg-soc mailing list
[email protected]
https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-soc