Re: [libav-devel] [PATCH] avformat/mpegtsenc: Check data array size in mpegts_write_pmt()

> Indeed, now the question pending is how we can overflow it and how to > notify the user when it happens. Not looked at it deeply but it appears to be possible if the user specifies too many languages. ___ libav-devel mailing list libav-devel@libav.org

Re: [libav-devel] [PATCH] avformat/mpegtsenc: Check data array size in mpegts_write_pmt()

On 01/08/14 14:41, Rafaël Carré wrote: > On 08/01/14 13:57, Luca Barbato wrote: >> On 01/08/14 13:41, siret...@gmail.com wrote: >>> From: Michael Niedermayer >>> >>> Prevents out of array writes >>> Addresses: CVE-2014-2263 >>> --- >>> libavformat/mpegtsenc.c | 9 +++-- >>> 1 file changed, 7

Re: [libav-devel] [PATCH] avformat/mpegtsenc: Check data array size in mpegts_write_pmt()

On 08/01/14 13:57, Luca Barbato wrote: > On 01/08/14 13:41, siret...@gmail.com wrote: >> From: Michael Niedermayer >> >> Prevents out of array writes >> Addresses: CVE-2014-2263 >> --- >> libavformat/mpegtsenc.c | 9 +++-- >> 1 file changed, 7 insertions(+), 2 deletions(-) > > This is an enc

Re: [libav-devel] [PATCH] avformat/mpegtsenc: Check data array size in mpegts_write_pmt()

On 01/08/14 13:41, siret...@gmail.com wrote: > From: Michael Niedermayer > > Prevents out of array writes > Addresses: CVE-2014-2263 > --- > libavformat/mpegtsenc.c | 9 +++-- > 1 file changed, 7 insertions(+), 2 deletions(-) This is an encoder, it means that the data buffer is smaller than

[libav-devel] [PATCH] avformat/mpegtsenc: Check data array size in mpegts_write_pmt()

From: Michael Niedermayer Prevents out of array writes Addresses: CVE-2014-2263 --- libavformat/mpegtsenc.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/mpegtsenc.c b/libavformat/mpegtsenc.c index 838702e..de27d70 100644 --- a/libavformat/mpegtsenc.c +