Re: [FFmpeg-devel] [PATCH 2/2] ffmdec: reject zero-sized chunks
On 03.12.2015 14:45, Michael Niedermayer wrote: > On Wed, Dec 02, 2015 at 11:13:44PM +0100, Andreas Cadhalpun wrote: >> If size is zero, avio_get_str fails, leaving the buffer uninitialized. >> This causes invalid reads in av_set_options_string. >> >> Signed-off-by: Andreas Cadhalpun>> --- >> libavformat/ffmdec.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > LGTM Pushed. Best regards, Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 2/2] ffmdec: reject zero-sized chunks
On Wed, Dec 02, 2015 at 11:13:44PM +0100, Andreas Cadhalpun wrote: > If size is zero, avio_get_str fails, leaving the buffer uninitialized. > This causes invalid reads in av_set_options_string. > > Signed-off-by: Andreas Cadhalpun> --- > libavformat/ffmdec.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) LGTM thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Everything should be made as simple as possible, but not simpler. -- Albert Einstein signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 2/2] ffmdec: reject zero-sized chunks
If size is zero, avio_get_str fails, leaving the buffer uninitialized. This causes invalid reads in av_set_options_string. Signed-off-by: Andreas Cadhalpun--- libavformat/ffmdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c index 9ad771e..afba905 100644 --- a/libavformat/ffmdec.c +++ b/libavformat/ffmdec.c @@ -423,7 +423,7 @@ static int ffm2_read_header(AVFormatContext *s) } break; case MKBETAG('S', '2', 'V', 'I'): -if (f_stvi++) { +if (f_stvi++ || !size) { ret = AVERROR(EINVAL); goto fail; } @@ -438,7 +438,7 @@ static int ffm2_read_header(AVFormatContext *s) goto fail; break; case MKBETAG('S', '2', 'A', 'U'): -if (f_stau++) { +if (f_stau++ || !size) { ret = AVERROR(EINVAL); goto fail; } -- 2.6.2 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel