[FFmpeg-trac] #72(swscale:new): Invalid pal8 sample crashes libswscale
FFmpeg
trac at avcodec.org
Thu Apr 28 13:06:53 CEST 2011
#72: Invalid pal8 sample crashes libswscale
----------------------+----------------------
Reporter: cehoyos | Owner: michael
Type: defect | Status: new
Priority: important | Component: swscale
Version: git | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced: 1
Analyzed: 0 |
----------------------+----------------------
Comment (by saste):
Replying to [ticket:72 cehoyos]:
> The sample from issue 2497 (that originally crashed the bfi decoder) now crashes libswscale.
> {{{
> (gdb) r -i bfi_buffer_overread.bfi out.avi

Fixed in master:

commit bd2a3700c045201b043a0e812d932e9d4fc37e82
Author: Stefano Sabatini <stefano.sabatini-lala at poste.it>
Date: Mon Apr 25 01:17:08 2011 +0200

    lsws: prevent overflow in sws_init_context()

    In the loop:

        for (i=0; i<dstH; i++) {
            int chrI= i*c->chrDstH / dstH;

    when i*c->chrDstH > INT_MAX this leads to an integer overflow, which
    results in a negative value for chrI and in out-of-buffer reads. The
    overflow is avoided by forcing int64_t arithmetic by casting i to
    int64_t.

    Fix crash, and trac issue #72.
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/72#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
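
The overflow described in the commit message above, as an added example that is not part of the ticket or of the FFmpeg source: it compares the 32-bit and int64_t forms of i*chrDstH / dstH and finds the first row where they diverge. The function names and the dimensions in main() are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Reinterpret a 32-bit pattern as two's-complement without relying on
 * implementation-defined conversion. */
static int32_t as_int32(uint32_t u)
{
    return u <= INT32_MAX ? (int32_t)u : -(int32_t)(~u) - 1;
}

/* Pre-fix expression i*chrDstH / dstH in 32-bit arithmetic. Signed overflow
 * is undefined in C, so the usual wraparound is emulated with uint32_t. */
static int32_t chr_index_int32(int32_t i, int32_t chrDstH, int32_t dstH)
{
    return as_int32((uint32_t)i * (uint32_t)chrDstH) / dstH;
}

/* Post-fix expression: casting i to int64_t widens the whole product. */
static int32_t chr_index_int64(int32_t i, int32_t chrDstH, int32_t dstH)
{
    return (int32_t)((int64_t)i * chrDstH / dstH);
}

/* Smallest row i in [0, dstH) with i*chrDstH > INT_MAX, or -1 if none. */
static int32_t first_overflow_row(int32_t chrDstH, int32_t dstH)
{
    if (chrDstH <= 0 || dstH <= 0)
        return -1;
    int64_t first = (int64_t)INT_MAX / chrDstH + 1;
    return first < dstH ? (int32_t)first : -1;
}

int main(void)
{
    /* Constructed dimensions, not taken from the crashing sample. */
    const int32_t dstH = 70000, chrDstH = 35000;
    int32_t i = first_overflow_row(chrDstH, dstH);
    if (i >= 0)
        printf("row %d: int32 chrI=%d, int64 chrI=%d\n", (int)i,
               (int)chr_index_int32(i, chrDstH, dstH),
               (int)chr_index_int64(i, chrDstH, dstH));
    return 0;
}
```

A check like first_overflow_row() can also serve as a dimension sanity test before any index table is built from untrusted width and height values.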