On 07.11.2015 06:07, Paul B Mahol wrote:
> On 11/6/15, Andreas Cadhalpun <andreas.cadhal...@googlemail.com> wrote:
>> The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
>> is 3, the right side overflows leading to a wrong result of the
>> comparison and subsequently a heap buffer overflow.
>>
>> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
>> ---
>> libavformat/jvdec.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> lgtm

Pushed...

On 07.11.2015 06:19, Timothy Gu wrote:
> On Fri, Nov 06, 2015 at 09:11:40PM +0100, Andreas Cadhalpun wrote:
>> Subject: [FFmpeg-devel] [PATCH] jvdec: avoid unsized overflow in comparison
>
> *unsigned

...with the typo fixed.

Best regards,
Andreas
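
The comparison bug described in the quoted commit message, shown as an added example that is not part of the original thread and is not FFmpeg's code. `MAGIC`, `MAGIC_OFFSET` and the function names are constructed for illustration; the patched line itself is not shown in this thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: the real magic string and offset are not in the thread. */
#define MAGIC        "EXAMPLE-MAGIC"
#define MAGIC_OFFSET 4

/* Flawed size check. buf_size - MAGIC_OFFSET is computed as int, but comparing
 * it with the size_t returned by strlen() converts it to unsigned. The cast
 * below only makes that implicit conversion visible: -1 becomes SIZE_MAX. */
static int size_check_flawed(int buf_size)
{
    return strlen(MAGIC) <= (size_t)(buf_size - MAGIC_OFFSET);
}

/* Hardened size check: do the arithmetic on the side that cannot wrap
 * (a small constant sum) and reject negative sizes before converting. */
static int size_check_fixed(int buf_size)
{
    return buf_size >= 0 && strlen(MAGIC) + MAGIC_OFFSET <= (size_t)buf_size;
}

/* Probe built on the hardened check: memcmp() is reached only when
 * buf really holds MAGIC_OFFSET + strlen(MAGIC) bytes. */
static int probe(const unsigned char *buf, int buf_size)
{
    if (!size_check_fixed(buf_size))
        return 0;
    return memcmp(buf + MAGIC_OFFSET, MAGIC, strlen(MAGIC)) == 0;
}

int main(void)
{
    /* Constructed sample input: 4 header bytes followed by the magic. */
    unsigned char sample[MAGIC_OFFSET + sizeof(MAGIC) - 1] = { 'J', 'V', 0, 0 };
    memcpy(sample + MAGIC_OFFSET, MAGIC, strlen(MAGIC));

    /* buf_size == 3 is the case named in the commit message. */
    printf("buf_size=3: flawed=%d fixed=%d\n",
           size_check_flawed(3), size_check_fixed(3));
    printf("probe(full)=%d probe(truncated to 3)=%d\n",
           probe(sample, (int)sizeof(sample)), probe(sample, 3));
    return 0;
}
```

With a 3-byte buffer the flawed check passes, so a `memcmp()` placed after it would read past the allocation; the hardened check rejects the same input.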