On Tue, Oct 20, 2020 at 04:57:47PM +0200, Paul B Mahol wrote: > This broke decoding of every single file. >
> Please revert ASAP!
reverted, i have to say though that this was the bound that you posted.
I think you mixed upper and lower bounds and I didnt notice
The patch i originally posted works with the 2 test samples I now have
are you ok with it (the change is below for reference)
@@ -490,6 +490,9 @@ static int decode_frame(AVCodecContext *avctx,
bytestream2_init(gb, s->lzf_buffer, uncompressed_size);
} else if (s->format == 1) {
+ if (bytestream2_get_bytes_left(gb) < uncompressed_size / 255)
+ return AVERROR_INVALIDDATA;
+
av_fast_padded_malloc(&s->uncompressed_buffer, &s->uncompressed_size,
uncompressed_size);
if (!s->uncompressed_buffer)
Thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
