On 04/08/14 06:45, Anton Khirnov wrote: > > On Sun, 03 Aug 2014 18:02:50 +0200, Luca Barbato <[email protected]> wrote: >> On 03/08/14 17:29, Diego Biurrun wrote: >>> From: Michael Niedermayer <[email protected]> >>> >>> Fixes CVE-2011-3935 >>> >>> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind >>> Signed-off-by: Michael Niedermayer <[email protected]> >>> Signed-off-by: Diego Biurrun <[email protected]> >>> --- >>> >>> This is the version for the 0.8 branch. I have no sample to verify >>> the fix. >>> >> >> Looks strange, don't we have a similar check in the generic code before >> calling the get_buffer callback? >> > > There is no generic code in 0.8, codecs just call the callback directly. > I think the patch is fine. Or shouldn't hurt at least.
It shouldn't hurt but doesn't solve the issue as I said for the release 9 version (that luckily had a wrapper already). I had Diego promise me to fix the issue properly, hopefully he will. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
