New submission from Daniel Kang <[email protected]>:

This is related to roundup issue 2495.

In mm_decode_inter, there is no sanity check on AV_RL16(&buf[0]). This could potentially cause reads into unallocated memory. This is especially complicated because of the different conditions (half_horiz and half_vert) along with other factors (e.g. s->frame.linesize[0]). I have not been able to create a video that affects this bug, but it is a potential issue. I am not sure how to fix this.

----------
messages: 13240
priority: normal
status: open
substatus: open
title: ffmpeg mm potential buffer over-read bug
type: bug

________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2496>
________________________________________________
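The class of check the report describes as missing, shown as an added example on a constructed packet layout; this is not FFmpeg's code or the reporter's, and the layout, `decode_checked`, `Reader` and the sample packets are assumptions. The 16-bit little-endian offset is validated against the packet size before it is used, and every later read goes through a bounds-checked cursor.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same read as AV_RL16: 16-bit little-endian from untrusted bytes. */
static unsigned rl16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Hypothetical bounds-checked cursor: reads fail instead of running off the end. */
typedef struct { const uint8_t *buf; size_t size, pos; } Reader;

static int rd_u8(Reader *r, uint8_t *out)
{
    if (r->pos >= r->size) return -1;
    *out = r->buf[r->pos++];
    return 0;
}

/* Assumed layout (constructed): [LE16 ctrl_len][ctrl_len mask bytes][data bytes].
 * Each mask bit maps to one dst position; a set bit replaces it with the next
 * data byte. Returns the number of bytes replaced, or -1 on malformed input. */
int decode_checked(const uint8_t *buf, size_t size, uint8_t *dst, size_t dst_size)
{
    if (size < 2) return -1;                 /* the header itself must be present */
    size_t data_off = 2 + (size_t)rl16(buf);
    if (data_off > size) return -1;          /* offset must land inside the packet */
    Reader ctrl = { buf, data_off, 2 };      /* mask bytes end where data begins */
    Reader data = { buf, size, data_off };
    size_t idx = 0; int n = 0; uint8_t mask, px;
    while (rd_u8(&ctrl, &mask) == 0)
        for (int j = 0; j < 8; j++, idx++) {
            if (!((mask >> (7 - j)) & 1)) continue;
            if (rd_u8(&data, &px) < 0 || idx >= dst_size) return -1;
            dst[idx] = px; n++;
        }
    return n;
}

/* Constructed sample packets. */
static const uint8_t PKT_OK[]      = { 0x01, 0x00, 0xA0, 0x11, 0x22 };
static const uint8_t PKT_BAD_OFF[] = { 0xFF, 0xFF, 0xA0, 0x11, 0x22 }; /* offset past end */
static const uint8_t PKT_NO_DATA[] = { 0x01, 0x00, 0xFF, 0x11 };       /* 8 bits, 1 byte */
static uint8_t OUT[8];

int main(void)
{
    printf("ok=%d bad_off=%d no_data=%d\n",
           decode_checked(PKT_OK, sizeof PKT_OK, OUT, sizeof OUT),
           decode_checked(PKT_BAD_OFF, sizeof PKT_BAD_OFF, OUT, sizeof OUT),
           decode_checked(PKT_NO_DATA, sizeof PKT_NO_DATA, OUT, sizeof OUT));
    return 0;
}
```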
