On 19.12.2015 16:25, Michael Niedermayer wrote: > On Sat, Dec 19, 2015 at 02:25:42PM +0100, Andreas Cadhalpun wrote: >> nutdec.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> d1813b6394c006a3f235e5e9a5fb8f5172933736 >> 0001-nutdec-reject-negative-value_len-in-read_sm_data.patch >> From 98fc98ce850d4d7fce30ee653dd48c063f0eaae6 Mon Sep 17 00:00:00 2001 >> From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >> Date: Sat, 19 Dec 2015 12:02:56 +0100 >> Subject: [PATCH] nutdec: reject negative value_len in read_sm_data >> >> If it is negative, it can cause the byte position to move backwards in >> avio_skip, which in turn makes sm_size negative and thus size larger >> than the size of the packet buffer, causing invalid writes in avio_read. >> >> Also fix potential overflow of avio_tell(bc) + value_len. >> >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >> --- >> libavformat/nutdec.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) > > LGTM
Pushed. Best regards, Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
