Kees Cook wrote: > Thanks for the bug report! Do you have a public reproducer to help test > for this issue?
The bug report at upstream [1] states that this bug was closed/invalid because: [quote] I dont see how this can overflow, if you disgaree please provide a full example with values. RESPONSE: nope!! you are right , I didn't notice the uint64_t casting the size check which limits the width to smaller values !! [/quote] [1] http://roundup.mplayerhq.hu/roundup/ffmpeg/issue701 -- Possible buffer underflow caused by integer overflow in the image conversion routines https://bugs.launchpad.net/bugs/288823 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs