[FFmpeg-devel] [RFC] ignore invalid user-supplied width/height

Michael Niedermayer michaelni
Thu Sep 2 11:04:22 CEST 2010

On Tue, Aug 31, 2010 at 09:49:33PM +0200, Reimar D?ffinger wrote:
> Hello,
> most video codecs will figure out a width/height themselves or fail
> if they can't.
> So IMO it is better not to fail for invalid values in avcodec_open but
> instead just ignore the values by using the "default" of 0.
> Otherwise applications would have to manually check the values with
> av_check_image_size if they want the video to remain playable even
> if the container values were corrupted.
> Any objections?

yes, this change will leave invalid values in width/height and has a
good chance that this may be exploitable with some decoder

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100902/db36d4a5/attachment.pgp>

More information about the ffmpeg-devel mailing list