On Wed, Dec 28, 2016 at 1:15 PM, Anton Khirnov <an...@khirnov.net> wrote: > The code does some nontrivial jumping around in the buffer, so it is > safer to use a checked API rather than do everything manually. > > Fixes a bug in nalff parsing, where the length field is currently not > counted in the buffer size check, resulting in possible overreads with > invalid files. > > CC: libav-sta...@libav.org > Bug-Id: 1002 > Found-By: Kamil Frankowicz > --- > libavcodec/h2645_parse.c | 43 +++++++++++++++++++++---------------------- > 1 file changed, 21 insertions(+), 22 deletions(-) >
should be ok -- Vittorio _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel