On Tue, Nov 08, 2016 at 12:21:52AM +0000, Tom Butterworth wrote:
> This allows a subsequent change to compress directly into the output packet
> when possible.
> ---
> libavcodec/hapenc.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/libavcodec/hapenc.c b/libavcodec/hapenc.c
> index 076923b..7056b62 100644
> --- a/libavcodec/hapenc.c
> +++ b/libavcodec/hapenc.c
> @@ -52,10 +52,9 @@ enum HapHeaderLength {
> HAP_HDR_LONG = 8,
> };
>
> -static void compress_texture(AVCodecContext *avctx, const AVFrame *f)
> +static void compress_texture(AVCodecContext *avctx, uint8_t *out, const
> AVFrame *f)passing an output array without array size into a function raises a red security flag. This should have some check or assert to protect against overwriting beyond the array end. And or the size requirements should be documented so that the code allocating and te code writing stay in sync Even if it never can overwrite ATM, assumtations can easily get broken or get out of sync by mistake ... while this isnt exactly a problem introduced by this patch i think this should be improved [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Frequently ignored answer#1 FFmpeg bugs should be sent to our bugtracker. User questions about the command line tools should be sent to the ffmpeg-user ML. And questions about how to use libav* should be sent to the libav-user ML.
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
