[FFmpeg-devel] oggparsevorbis.c vorbis_comment: check for negative size

Michael Niedermayer michaelni
Wed Oct 10 12:38:30 CEST 2007


Hi

On Mon, Oct 08, 2007 at 04:10:45AM +0200, Michael Niedermayer wrote:
> Hi
> 
> On Sun, Oct 07, 2007 at 11:33:20AM -0400, Rich Felker wrote:
> > On Sun, Oct 07, 2007 at 02:38:10PM +0200, matthieu castet wrote:
> > > Attila Kinali wrote:
> > > > On Sun, 7 Oct 2007 12:42:13 +0200
> > > > Attila Kinali <attila at kinali.ch> wrote:
> > > > 
> > > > 
> > > >> The segfault occures, because s is read from the file but only
> > > >> checked to be smaller than the limit, but not whether it is
> > > >> positive, resulting in an overflow when it is a big negative number.
> > > >>
> > > >> Patch attached
> > > > 
> > > > Updated patch. Missed another occurence of the same problem.
> > > Why doesn't you make s unsigned ?
> > 
> > It won't solve the overflow issue. However checking to make sure s is
> > not negative is just a hack to work around the problem of not writing
> > overflow-safe unsigned arithmetic.
> 
> yes i agree
> 
> _maybe_ the following would fix it (ive not checked too carefull)

i will apply this in 2 days if there are no objections

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20071010/e3dcacc4/attachment.pgp>



More information about the ffmpeg-devel mailing list