2018-06-21 5:46 GMT+02:00, Xiao Yang <yang...@hotmail.com>:
> Fixes invalid writes when there are more blocks in a run
> than total remaining blocks

Please provide a test-case that allows reproducing the issue your patch fixes.

> (see CVE-2014-8548) > --- > libavcodec/rpza.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c > index b71ebd1..7cb6b89 100644 > --- a/libavcodec/rpza.c > +++ b/libavcodec/rpza.c > @@ -68,6 +68,11 @@ typedef struct RpzaContext { > row_ptr += stride * 4; \ > } \ > total_blocks--; \ > + if (total_blocks < !!n_blocks) \ > + { \ > + av_log(s->avctx, AV_LOG_INFO, "warning: block > counter just went negative (this should not happen)\n"); \ > + return; \

This produces several warnings at compile time, please fix them.

Carl Eugen
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
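
Review bot: The bare `return;` on the last added line of the macro leaves the decoder without reporting an error, so the caller cannot tell a truncated decode from a successful one, and it only compiles cleanly if every function that expands the macro returns void, which may be where the compile-time warnings come from. If the enclosing function can return a status, return an error such as AVERROR_INVALIDDATA there instead. The `av_log` call above it logs at AV_LOG_INFO while the message itself starts with "warning:"; use AV_LOG_ERROR (or AV_LOG_WARNING) and drop the hand-written prefix. The condition `total_blocks < !!n_blocks` runs after `total_blocks--` and compares against 1 when `n_blocks` is non-zero and against 0 otherwise; a one-line comment explaining that, or a single up-front check of the run length against the remaining blocks, would make the bound easier to audit.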