Trans.: [XviD-devel] Fw: buffer overflow in userdata parser

Edouard Gomez ed.gomez at free.fr
Wed Jan 19 10:23:56 CET 2005


Still a forward from pete.

----------------------- Original Message -----------------------
 From:    pete <pross at xvid.org>
 To:      xvid-devel at xvid.org
 Date:    Tue, 18 Jan 2005 23:21:30 +1100
 Subject: buffer overflow in userdata parser
----

hi,

having just reviewed the userdata parsing code,
there appears to be a buffer overflow error when
the userdata is 256 bytes or more. patch below.

side note: isn't 256 bytes overkill? the largest
string we have to process is going to be
something like "DivX503Build99999p". even if we
extend the integers to 2^32, there's still less
than 32 bytes to process..

diff -u -r1.48 bitstream.c
--- bitstream.c	5 Dec 2004 13:56:13 -0000	1.48
+++ bitstream.c	17 Jan 2005 06:50:08 -0000
@@ -981,16 +981,17 @@
 			return coding_type;

 		} else if (start_code == USERDATA_START_CODE) {
-			char tmp[256];
+#define USERDATA_LEN  256
+			char tmp[USERDATA_LEN];
 		    int i, version, build;
 			char packed;

 			BitstreamSkip(bs, 32);	/* user_data_start_code */

-			memset(tmp, 0, 256);
+			memset(tmp, 0, USERDATA_LEN);
 			tmp[0] = BitstreamShowBits(bs, 8);

-			for(i = 1; i < 256; i++){
+			for(i = 1; i < USERDATA_LEN - 1; i++){
 				tmp[i] = (BitstreamShowBits(bs, 16) & 0xFF);

 				if(tmp[i] == 0)
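Review bot: the `#define USERDATA_LEN  256` sits inside the `else if (start_code == USERDATA_START_CODE)` block and is never undefined, so the macro leaks into the rest of bitstream.c. Move it to the top of the file with the other constants, or drop it and use `sizeof(tmp)` in both the `memset` and the loop bound so the size is stated once. The new bound `i < USERDATA_LEN - 1` relies on the earlier `memset` to keep `tmp[USERDATA_LEN - 1]` zero as the terminator; a short comment saying so would stop someone from later removing the `memset` as redundant. The hunk also does not show what follows the loop when no zero byte is found within the limit: check that the code after it does not use `i` to index past the terminator and that the remaining userdata bytes in the stream are still skipped, so the next start code search begins at the right position.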


--
pete

