On Mon, Mar 13, 2017 at 12:53:27PM +0100, Michael Niedermayer wrote: > On Mon, Mar 13, 2017 at 09:51:40AM +0100, Paul B Mahol wrote: > > On 3/13/17, Michael Niedermayer <mich...@niedermayer.cc> wrote: > > > Benchmarks with START_TIMER indicate that the code is faster with > > > unsigned, > > > (that is > > > with the patch), there was quite some fluctuation in the numbers so this > > > may > > > be just > > > random > > > > > > Fixes: 811/clusterfuzz-testcase-6465493076541440 > > > > > > Found-by: continuous fuzzing process > > > https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg > > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > > --- > > > libavcodec/simple_idct_template.c | 36 > > > ++++++++++++++++++------------------ > > > 1 file changed, 18 insertions(+), 18 deletions(-) > > > > > > > So this fixes remote code execution? > > It fixes integer overflows which are undefined behavior, > i very much doubt this allows any RCE in practive anywhere but > strictly speaking undefined means anything can happen > > > > > > Please state what commit fixes. > > Please see the first line of the commit message, which git puts in > the subject of the mail: > > Subject: Re: [FFmpeg-devel] [PATCH 3/4] avcodec/simple_idct_template: Fix > several integer overflows
i will apply the patch in 24h unless there is an objection [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I have never wished to cater to the crowd; for what I know they do not approve, and what they approve I do not know. -- Epicurus
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
