[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] [bug #37629] buffer overflow from Input::readSWFJpeg3
From: |
Bastiaan Jacques |
Subject: |
[Gnash-commit] [bug #37629] buffer overflow from Input::readSWFJpeg3 |
Date: |
Sun, 28 Oct 2012 11:51:50 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0 |
Follow-up Comment #7, bug #37629 (project gnash):
The source of the problem is different than I thought. readSWFJpeg3() is
clearly written with a 3-bytes per pixel decoded image in mind, but in this
case libjpeg is decoding to a 4-byte per pixel format. In other words, the
following will fail if put inside readSWFJpeg3():
assert( j_in->getComponents() == 3);
The rest of the code, including the allocation, is done with this assumption
in mind.
Still left to discover is whether it is possible to include this JPEG data
into an AVM1 movie.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?37629>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/