[gstreamer-bugs] [Bug 173044] New: [PATCH to ffmpeg] Memory error in mjpeg_decode_frame
bugzilla-daemon at bugzilla.gnome.org
bugzilla-daemon at bugzilla.gnome.org
Fri Apr 8 03:37:23 PDT 2005
Please DO NOT reply to this by email. All additional comments should be made in
the comments box of this bug report.
http://bugzilla.gnome.org/show_bug.cgi?id=173044
GStreamer | gst-ffmpeg | Ver: HEAD CVS
Summary: [PATCH to ffmpeg] Memory error in mjpeg_decode_frame
Product: GStreamer
Version: HEAD CVS
Platform: Other
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: gst-ffmpeg
AssignedTo: gstreamer-bugs at lists.sourceforge.net
ReportedBy: luogni at tin.it
QAContact: gstreamer-bugs at lists.sourceforge.net
CC: all-bugs at bugzilla.gnome.org
In the function mjpeg_decode_frame (mjpeg.c):
buf_ptr = buf;
buf_end = buf + buf_size;
but in find_marker:
while (buf_ptr < buf_end) {
v = *buf_ptr++;
v2 = *buf_ptr;
...
So if buf_ptr == (buf_end - 1), v2 = buf_ptr[buf_end] and this gives [Invalid
read of size 1]. I think that buf_end should be declared as
buf_end = buf + buf_size - 1;
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are the QA contact for the bug.
More information about the Gstreamer-bugs
mailing list