[FFmpeg-devel] [PATCH] Checked get_bits.h functions to prevent overread

Laurent Aimar fenrir at elivagar.org
Fri Sep 9 08:16:31 CEST 2011


Hi,

On Fri, Sep 09, 2011 at 02:26:53AM +0200, Michael Niedermayer wrote:
> On Fri, Sep 09, 2011 at 02:05:19AM +0200, Laurent Aimar wrote:
> [...]
> > > > @@ -311,7 +331,12 @@ static inline unsigned int get_bits1(GetBitContext *s){
> > > >      result <<= index & 7;
> > > >      result >>= 8 - 1;
> > > >  #endif
> > > > +#ifndef UNCHECK_BITSTREAM_READER
> > > > +    if (index < s->size_in_bits)
> > > > +        index++;
> > > > +#else
> > > >      index++;
> > > > +#endif
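Review bot: the guard in the `#ifndef UNCHECK_BITSTREAM_READER` branch only stops `index` from advancing; the bit is still fetched from position `index` above it, so once `index == s->size_in_bits` every further `get_bits1()` call returns the same bit and a decoder loop that consumes bits until a terminator can spin forever. Returning 0 once `index` is past `size_in_bits` (plus the padding slack), while still advancing, would be safer. Minor: the `#else` branch duplicating `index++` could be collapsed into a single `index++` with only the bound check conditional.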
> > > 
> > > i think this will break error detection of some files with some
> > > decoders because they detect it by an overread having happened
> > > 
> > > also it might lead to infinite loops or other unexpected things
> > > as some decoders depend on them
> > > hitting zero padding after the buffer which is guaranteed to lead to
> > > vlc decoding failures for them as they have no valid all 0 vlc code
> >  I see. A simple way could be to simply add 8 * PADDING_SIZE to the check.
> > I will add that locally.
> 
> I am not sure this is enough
> the problematic case I am thinking of is a decoder that works with
> slices, so the guaranteed 0 padding would be farther away if the
> current slice is not the last. mpeg1/2 should be examples of this
> case
> 
> maybe just returning 0 after size+something would work better
 I wanted to avoid the check while loading the cache, but you're right,
it's probably the simplest solution to avoid the issue you mentioned.
 I will provide a patch to do that instead.

-- 
fenrir
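The failure mode discussed above, as an added example that is not code from the patch or from FFmpeg: a clamped reader in the patch's style beside one that keeps advancing and returns 0 past the end plus padding, run over a constructed two-slice buffer. `BitCtx`, `PADDING_BYTES`, `ITER_CAP` and the function names are stand-ins, not FFmpeg identifiers.

```c
#include <stdint.h>

/* Constructed stand-in for FFmpeg's GetBitContext; not the real struct. */
typedef struct {
    const uint8_t *buffer;   /* bitstream, followed by PADDING_BYTES of zero slack */
    int index;               /* current bit position */
    int size_in_bits;        /* valid bits in the current buffer/slice */
} BitCtx;

#define PADDING_BYTES 8      /* hypothetical slack after the buffer */
#define ITER_CAP      100000 /* stops the demo instead of hanging */

static inline unsigned raw_bit(const BitCtx *s, int pos)
{
    return (s->buffer[pos >> 3] >> (7 - (pos & 7))) & 1;
}

/* Patch-style variant: the bit is still fetched, but the position stops advancing. */
static unsigned get_bits1_clamped(BitCtx *s)
{
    unsigned bit = raw_bit(s, s->index);
    if (s->index < s->size_in_bits)
        s->index++;
    return bit;
}

/* Alternative: keep advancing, return 0 once past size + padding, never read beyond it. */
static unsigned get_bits1_checked(BitCtx *s)
{
    unsigned bit = 0;
    if (s->index < s->size_in_bits + 8 * PADDING_BYTES)
        bit = raw_bit(s, s->index);
    s->index++;
    return bit;
}

/* Decoder-style loop: count leading 1 bits until a 0 (a unary/VLC prefix).
 * Returns -1 if ITER_CAP is hit, i.e. the loop would have spun forever. */
static int count_ones(BitCtx *s, unsigned (*get1)(BitCtx *))
{
    int n = 0;
    while (get1(s))
        if (++n >= ITER_CAP)
            return -1;
    return n;
}

/* Slice of 8 valid bits (all ones), then the next slice (also ones), then zero padding. */
static const uint8_t stream[2 + PADDING_BYTES] = { 0xFF, 0xFF };

int run_clamped(void) { BitCtx s = { stream, 0, 8 }; return count_ones(&s, get_bits1_clamped); }
int run_checked(void) { BitCtx s = { stream, 0, 8 }; return count_ones(&s, get_bits1_checked); }
```

With the clamped reader the position sticks at bit 8, which belongs to the next slice and is a 1, so the loop never terminates; the checked reader walks through the next slice and the padding and stops at the first 0.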