On 23/01/13 11:32, Martin Storsjö wrote: > From: Xi Wang <[email protected]> > > A negative `size' will bypass FFMIN(). In the subsequent memcpy() call, > `size' will be considered as a large positive value, leading to a buffer > overflow. > > Change the type of `size' to unsigned int to avoid buffer overflow, and > simplify overflow checks accordingly. Also change a literal buffer > size to use sizeof, and limit the amount of data copied in another > memcpy call as well. > > Signed-off-by: Xi Wang <[email protected]> > --- > libavformat/rtmppkt.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-)
Ok. _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
