[FFmpeg-cvslog] r15812 - in trunk/libavcodec: ac3dec.c ac3dec.h ac3dec_data.c ac3dec_data.h eac3dec.c
Justin Ruggles
justin.ruggles
Thu Nov 13 23:42:53 CET 2008
Hi,
Michael Niedermayer wrote:
> On Thu, Nov 13, 2008 at 04:18:13AM +0100, jbr wrote:
>> Author: jbr
>> Date: Thu Nov 13 04:18:13 2008
>> New Revision: 15812
>>
>> Log:
>> add support for spectral extension
>
> This code looks like it completely lacks validity checks and likely
> exploitable at several points.
> I am not asking you to revert it but i would be happy if you did anyway.
> This code should have passed review before commiting IMHO
I'm sorry. I have reverted the appropriate files to r15811.
> Below review is incomplete, there likely are more issues, also iam not
> mentioning the exploitable code as this patch needs to be reviewed completely
> for security issues (which i did not do) not just the one issue ive found
> fixed.
I'll make the suggested changes you have below, then submit a patch to
ffmpeg-devel. Could you please let me know more information about the
expoitable parts of this code (off-list if you prefer)?
Thank you,
Justin
More information about the ffmpeg-cvslog
mailing list