gnash-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnash-commit] [bug #37629] buffer overflow from Input::readSWFJpeg3

From: Bastiaan Jacques
Subject: [Gnash-commit] [bug #37629] buffer overflow from Input::readSWFJpeg3
Date: Sun, 28 Oct 2012 11:51:50 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0 
Follow-up Comment #7, bug #37629 (project gnash):

The source of the problem is different than I thought. readSWFJpeg3() is
clearly written with a 3-bytes per pixel decoded image in mind, but in this
case libjpeg is decoding to a 4-byte per pixel format. In other words, the
following will fail if put inside readSWFJpeg3():

assert( j_in->getComponents() == 3);

The rest of the code, including the allocation, is done with this assumption
in mind.

Still left to discover is whether it is possible to include this JPEG data
into an AVM1 movie.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?37629>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]