[FFmpeg-devel] [PATCH] add av_shrink_packet

[Reimar Döffinger]

On Wed, Apr 08, 2009 at 10:55:27PM +0100, M?ns Rullg?rd wrote:
> Reimar D?ffinger <Reimar.Doeffinger at gmx.de> writes:
> > I can't follow that reasoning, removing any chance that the bugs are
> > triggered for "normal" files while it is still trivial to craft
> > files that trigger them IMO does not even qualify as "security by
> > obscurity".
> 
> I'd rather have a frame skipped than a crash for a slightly damaged
> file, even if it's possible to craft a file that crashes the decoder.

Well, that IMHO just isn't quite the choice.
It might be a bit like this if truncated files were the vastly most
likely cause of corruption, but given the amount of data transferred via
ftp etc. vs. bittorrent I believe the opposite is the case.
So I think what removing that "partial packet" support would do is
hiding the bugs in rare but for us easy to get sample files for case
(truncated files) while leaving the crashes in the cases that are more
important for the user (files where the packet size is broken at demuxer
level, (possibly custom) network streaming protocols where data may be
lost), and at the cost of losing a bit of error concealment.
Of course it is a matter of opinion, but I think that even outside the
security argument there are good arguments why not supporting truncated
packets might just as well make the user experience worse.
And btw. the ALAC case is trivial to improve a lot, it did not have
a single check on the input buffer size (though making sure it is 100%
correct is more difficult, not sure if those only 8 bytes of input
buffer padding isn't a bit too little, making checks needlessly complex).