Re: [FFmpeg-devel] [PATCH] lavf/utils.c Protect against accessing entries[nb_entries]

Wed, 14 Dec 2016 19:35:00 -0800 

On Wed, Dec 14, 2016 at 03:38:18PM -0800, Matthew Wolenetz wrote:
> In ff_index_search_timestamp(), if b == num_entries,
> m == num_entries - 1, and entries[m].flags & AVINDEX_DISCARD_FRAME is
> true, then the search for the next non-discarded packet could access
> entries[nb_entries], exceeding its bounds. This change adds a protection
> against that scenario. Reference: https://crbug.com/666770

>  utils.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 309ffb570701252b564cf92d8c76a57d9413d23f  
> 666770-lavf-utils.c-Protect-against-accessing-entries-nb_en.patch
> From e91355afac548fbc7cc0cb4ecbc06dce6495df80 Mon Sep 17 00:00:00 2001
> From: Matt Wolenetz <wolen...@chromium.org>
> Date: Mon, 21 Nov 2016 15:54:02 -0800
> Subject: [PATCH] lavf/utils.c Protect against accessing entries[nb_entries]
> 
> In ff_index_search_timestamp(), if b == num_entries,
> m == num_entries - 1, and entries[m].flags & AVINDEX_DISCARD_FRAME is
> true, then the search for the next non-discarded packet could access
> entries[nb_entries], exceeding its bounds. This change adds a protection
> against that scenario. Reference: https://crbug.com/666770
> ---
>  libavformat/utils.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index fb17423..b2d25eb 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -1968,7 +1968,7 @@ int ff_index_search_timestamp(const AVIndexEntry 
> *entries, int nb_entries,
>          m         = (a + b) >> 1;
>  
>          // Search for the next non-discarded packet.
> -        while ((entries[m].flags & AVINDEX_DISCARD_FRAME) && m < b) {
> +        while ((entries[m].flags & AVINDEX_DISCARD_FRAME) && m < b && m < 
> nb_entries - 1) {

Maybe sasi inguva can comment but i wonder if the code shouldnt
check the left side of m if nothing is found on the right

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange

Attachment: signature.asc
Description: Digital signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to