On 20.04.15 at 23:20, Andreas Cadhalpun wrote:
> On 19.04.2015 22:20, Luca Barbato wrote:
>> On 18/04/15 18:58, Andreas Cadhalpun wrote:
>>> If begin is smaller than t, the subtraction 'begin -= t' wraps around,
>>> because begin is unsigned. The same applies for end < t.
>>>
>>> This causes segmentation faults.
>>
>> Actually, the access to raw_buffer seems a bit optimistic all over this
>> code.
>>
>> I'd check that `master` is always between `raw_buffer` and the end of it.
>
> You mean something like the attached patch?
>
>> (I'm not sure if `div_blocks` is validated before, same for `offset`)
>
> That should catch problems in those as well.

Have you tested with fate after applying this patch locally?

-Thilo
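
The unsigned wraparound from the quoted report and a bounds check of the kind suggested in review, as an added example that is not part of this thread or of FFmpeg's code. The function names, buffer size and sample values are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked form of the pattern from the report: begin is unsigned, so
 * begin < t wraps to a huge index instead of becoming negative. */
static unsigned shift_unchecked(unsigned begin, unsigned t)
{
    begin -= t;
    return begin;
}

/* Checked form: refuse the subtraction when it would wrap.
 * Returns 0 on success, -1 on invalid input (begin is left untouched). */
static int shift_checked(unsigned *begin, unsigned t)
{
    if (*begin < t)
        return -1;
    *begin -= t;
    return 0;
}

/* Bounds check in the spirit of the review suggestion: a window of len
 * samples starting at offset must lie inside a buffer of buf_len samples.
 * It works on indices, so no out-of-range pointer is ever formed, and
 * the comparison is written so that offset + len cannot overflow. */
static int window_in_buffer(size_t buf_len, size_t offset, size_t len)
{
    return offset <= buf_len && len <= buf_len - offset;
}

int main(void)
{
    unsigned begin = 2; /* constructed sample values */

    printf("unchecked 2 - 5: %u\n", shift_unchecked(2, 5));
    printf("checked   2 - 5: %d\n", shift_checked(&begin, 5));
    printf("window 1000+24 in 1024: %d\n", window_in_buffer(1024, 1000, 24));
    printf("window 1000+25 in 1024: %d\n", window_in_buffer(1024, 1000, 25));
    return 0;
}
```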