On 02.01.2016 16:59, Nicolas George wrote: > Le tridi 13 nivôse, an CCXXIV, Andreas Cadhalpun a écrit : >> It is used to store the difference between pointers, so ptrdiff_t is the >> correct type. >> >> This prevents potential overflows. >> >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >> --- >> libavformat/ffmdec.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c >> index 3162354..f4f8144 100644 >> --- a/libavformat/ffmdec.c >> +++ b/libavformat/ffmdec.c >> @@ -36,7 +36,7 @@ static int ffm_is_avail_data(AVFormatContext *s, int size) >> { >> FFMContext *ffm = s->priv_data; >> int64_t pos, avail_size; >> - int len; >> + ptrdiff_t len; >> >> len = ffm->packet_end - ffm->packet_ptr; >> if (size <= len) >> @@ -87,7 +87,8 @@ static int ffm_read_data(AVFormatContext *s, >> { >> FFMContext *ffm = s->priv_data; >> AVIOContext *pb = s->pb; >> - int len, fill_size, size1, frame_offset, id; >> + int fill_size, size1, frame_offset, id; >> + ptrdiff_t len; >> int64_t last_pos = -1; >> >> size1 = size; > > Should not be needed: the only place where packet_end becomes different from > packet_ptr is this: > > ffm->packet_end = ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - > fill_size); > > and ffm->packet_size is int (OTOH, this particular bit of pointer arithmetic > should probably check packet_size beforehand).
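Review bot: No #include <stddef.h> accompanies the new `ptrdiff_t len;` in the first hunk (ffm_is_avail_data): the diffstat's 3 insertions and 2 deletions are all accounted for by the declaration changes. ptrdiff_t is defined in <stddef.h>, so please confirm ffmdec.c already gets it through an existing include, or add the include explicitly rather than relying on a transitive one. The comparison `if (size <= len)` needs no change, since `size` is converted to ptrdiff_t wherever that type is wider than int.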
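Review bot: In the second hunk (ffm_read_data), `len` is now ptrdiff_t while `fill_size`, `size1`, `frame_offset` and `id` stay int, so any statement below this hunk that stores `len` into one of them, or passes it to a parameter typed int, narrows the value again and the wider type gains nothing at that point. Those uses are not visible here; please check each one and either keep the arithmetic in ptrdiff_t or bound `len` before the conversion. The commit message's "This prevents potential overflows" would also be easier to review if it named the condition under which the pointer difference can exceed INT_MAX.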
Nonetheless it is better to use the correct type. And without patch one of this series, the overflow is actually possible. Happy new year, Andreas