[FFmpeg-devel] [PATCH] some length validation for mjpegdec

Michael Niedermayer michaelni
Sat Jul 24 13:15:59 CEST 2010


On Sat, Jul 24, 2010 at 10:25:17AM +0200, Reimar D?ffinger wrote:
> On Sat, Jul 24, 2010 at 02:54:58AM +0200, Michael Niedermayer wrote:
> > > @@ -225,6 +232,15 @@
> > >      if (nb_components <= 0 ||
> > >          nb_components > MAX_COMPONENTS)
> > >          return -1;
> > > +    if (len != 8 + 3*nb_components)
> > > +    {
> > > +        av_log(s->avctx, AV_LOG_DEBUG, "decode_sof0: error, len(%d) mismatch\n", len);
> > > +        len = 8 + 3*nb_components;
> > > +    }
> > > +    if (len > (get_bits_left(&s->gb) + 4*16) >> 3) {
> > > +        av_log(s->avctx, AV_LOG_ERROR, "decode_sof: not enough data\n");
> > > +        return -1;
> > > +    }
> > 
> > this is hmm
> > len is not used anywhere, setting it to a wrong value
> > is just wrong
> > the actual amount read could be tested without messing with len
> 
> Sure, it's just that the len check was already there and I thought
> allowing an inconsistent len value would be a bad idea.

i dont see how a larger len value would be inconsistent
and a smaller would indicate a non standard format/ommision of something


> However I also didn't want to fail on it, since having a check there
> that did not fail seemed like an indication that there might
> be files out there that are broken that way.
> Is there any alternative you like particularly?

FFMAX(what we read, len)<<3 > get_bits_left(&s->gb)

also AV_LOG_DEBUG and "error" in the string dont match


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100724/bf064fd1/attachment.pgp>



More information about the ffmpeg-devel mailing list