[FFmpeg-devel] [PATCH][RFC] variable frame sizes

Michael Niedermayer michaelni
Sat Jun 6 19:02:45 CEST 2009


On Thu, Jun 04, 2009 at 11:43:28PM -0700, Eric Buehl wrote:
> > i dont think thats sufficient to avoid problems, have you thought about
> > what happens when the result does not fit in 32bit ?
> >
> >
> I could ceiling any result greater than INT_MAX or less than INT_MIN.  Is
> this common for a single dimension of cropping to be that large -- let alone
> the entire frame dimension?

The code must not be exploitable.
That is it must not be possible to execute arbitrary code by any
intentionally created sequence of bytes.
-> under no circumstances may a write happen to a address that is outside
the intended array

overflows in variables related to picture dimensions are likely not safe
nor is randomly changing the output w/h

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have often repented speaking, but never of holding my tongue.
-- Xenocrates
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090606/bee6157d/attachment.pgp>



More information about the ffmpeg-devel mailing list