[opus] [PATCH] Ensure mapping matrix size is always valid.
Jean-Marc Valin
jmvalin at jmvalin.ca
Thu Dec 7 22:12:57 UTC 2017
Looks good except for one detail:
+ size = rows * cols * sizeof(opus_int16);
+ if (rows > 255 || cols > 255 || size > 65004)
That should probably be:
+ if (rows > 255 || cols > 255 ||
+ rows * cols * sizeof(opus_int16) > 65004)
instead. Otherwise, if you pass very large values for both rows and
cols, then you can have an integer overflow before the test.
Cheers,
Jean-Marc
On 12/04/2017 07:08 PM, Drew Allen wrote:
> Hello,
>
> Attached is a patch that ensures only valid sizes of the mapping matrix
> are accepted.
>
> This patch depends on the most recent [PATCH] Fix memory issues in
> Projection API.
>
> Cheers,
> Drew
>
>
> _______________________________________________
> opus mailing list
> opus at xiph.org
> http://lists.xiph.org/mailman/listinfo/opus
>
More information about the opus
mailing list