Daniel Kang <daniel.d.k...@gmail.com> added the comment:
I have examined this issue. It occurs because when init_get_bits is called,
s->avctx->extradata_size<4 is checked, but s->avctx->extradata_size*8 is not
checked for overflow. I have attached a patch that fixes this issue.
The run with the patch
Daniel Kang <daniel.d.k...@gmail.com> added the comment:
The first patch is incorrect. s->avctx->extradata_size*8 should be checked if it
is = 32, not 4, since it is multiplied times 8. I have uploaded a new patch and
deleted the first patch.
FFmpeg
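The kind of check discussed in the comments above, as an added example that is not part of the original thread and is not FFmpeg's code: a bit reader refuses a buffer that is shorter than the header it must parse, or whose byte count times 8 would not fit in an int. BitReader, checked_bit_size, reader_init and reader_get are hypothetical names, and the 4-byte header is constructed sample data.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bit reader, standing in for a decoder's real one. */
typedef struct {
    const uint8_t *buf;
    int size_in_bits;
    int pos;                       /* current position, in bits */
} BitReader;

/* Convert a byte count to a bit count without overflowing int.
 * Returns 0 on success, -1 if the buffer is shorter than min_bytes
 * or so large that byte_size * 8 would not fit in an int. */
static int checked_bit_size(int byte_size, int min_bytes, int *bits)
{
    if (byte_size < min_bytes)
        return -1;
    if (byte_size > INT_MAX / 8)   /* test before multiplying, not after */
        return -1;
    *bits = byte_size * 8;
    return 0;
}

static int reader_init(BitReader *r, const uint8_t *buf, int byte_size, int min_bytes)
{
    int bits;
    if (!buf || checked_bit_size(byte_size, min_bytes, &bits) < 0)
        return -1;
    r->buf = buf; r->size_in_bits = bits; r->pos = 0;
    return 0;
}

/* Read n (1..32) bits MSB-first; returns -1 on a read past the end. */
static int64_t reader_get(BitReader *r, int n)
{
    uint32_t v = 0;
    if (n < 1 || n > 32 || n > r->size_in_bits - r->pos)
        return -1;
    for (int i = 0; i < n; i++, r->pos++)
        v = (v << 1) | ((r->buf[r->pos >> 3] >> (7 - (r->pos & 7))) & 1);
    return v;
}

int main(void)
{
    const uint8_t hdr[4] = {0xA5, 0x00, 0xFF, 0x01};   /* constructed sample */
    BitReader r;
    printf("4 bytes: %d\n", reader_init(&r, hdr, 4, 4));
    printf("3 bytes: %d\n", reader_init(&r, hdr, 3, 4));
    printf("huge:    %d\n", reader_init(&r, hdr, INT_MAX / 8 + 1, 4));
    return 0;
}
```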
New submission from Carl Eugen Hoyos <ceho...@rainbow.studorg.tuwien.ac.at>:
A sample from issue 1240:
(gdb) r -i smclockv8.wmv.1.1011 -f null /dev/null
Starting program: ffmpeg_g -i smclockv8.wmv.1.1011 -f null /dev/null
[Thread debugging using libthread_db enabled]
[New Thread 0x7fcb1af53700