On Tue, 8 Nov 2016 at 12:44 Michael Niedermayer <mich...@niedermayer.cc> wrote: ...
> > -static void compress_texture(AVCodecContext *avctx, const AVFrame *f) > > +static void compress_texture(AVCodecContext *avctx, uint8_t *out, const > AVFrame *f) > > passing an output array without array size into a function raises a > red security flag. > > This should have some check or assert to protect against overwriting > beyond the array end. > And or the size requirements should be documented so that the code > allocating and te code writing stay in sync > > Even if it never can overwrite ATM, assumtations can easily get > broken or get out of sync by mistake ... > > while this isnt exactly a problem introduced by this patch i think this > should be improved > Okay, revised patches will follow _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
