[FFmpeg-devel] [PATCH] Checked get_bits.h functions to prevent overread
michaelni at gmx.at
Fri Sep 9 14:54:34 CEST 2011
On Fri, Sep 09, 2011 at 11:53:26AM +0200, Reimar Döffinger wrote:
> On Fri, Sep 09, 2011 at 09:46:34AM +0000, Carl Eugen Hoyos wrote:
> > Laurent Aimar <fenrir <at> elivagar.org> writes:
> > > > > I have a list of crashes with their backtraces. A lot of the files used
> > > > > come from VLC and mplayer FTP and so will probably be easy to retrieve.
> > > >
> > > > > Is sending it to the ML the right choice?
> > > >
> > > > What's wrong with opening a ticket as explained on
> > > > http://ffmpeg.org/bugreports.html?
> > >
> > > It depends. I can create a unique ticket for the backtrace I have
> > That would be great! (or do you mean you could but it is too much effort?)
> > > but I
> > > won't do it for each crash I found (it was from an automated fuzzing tool
> > > and I have more than 400 crashes, of course some come from the same bug).
> > I am just trying to say that if a developer believes your patch is not
> > acceptable he has not much chance currently to fix the crashes individually.
> > You should make the 400 files available in some way, the best way is probably
> > the bug tracker.
> One sample per codec at the very least would be highly advisable.
> Just hacking the bitstream reader is unlikely to give really good
> results, even in the cases where it does not only replace the crash by
> an endless loop.
when index is a signed variable and you use a check like
if(index > max)
it should still crash when the variable overflows thus preventing an
> And past experience would indicate there are decoders that are trivial
> to fix but nobody was aware they existed...
absolutely, we should try to fix decoders not to need a checking
bitstream reader (if there are volunteers to do that, and i think there
are to some extent)
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
No snowflake in an avalanche ever feels responsible. -- Voltaire
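
The `if(index > max)` check on a signed index discussed in this message, as an added example that is not part of the original mail and is not FFmpeg's get_bits.h: a one-sided test accepts a negative index, a range test rejects it, and a reader that reports failure lets the caller's loop end. The `BitReader` type and all function names are hypothetical, the input bytes are constructed, and the negative index is set directly to stand in for a wrapped value.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal bit reader for illustration; not FFmpeg's get_bits.h. */
typedef struct {
    const uint8_t *buf;
    int size_in_bits;  /* number of readable bits in buf */
    int index;         /* signed bit position, as in the mail */
} BitReader;

/* One-sided test in the form quoted in the mail: if (index > max). */
static int upper_bound_only_ok(const BitReader *br, int n)
{
    int max = br->size_in_bits - n;
    return !(br->index > max);  /* a negative index is accepted */
}

/* Range test: one unsigned compare rejects both negative and too-large. */
static int range_ok(const BitReader *br, int n)
{
    if (n < 0 || n > br->size_in_bits)
        return 0;
    return (unsigned)br->index <= (unsigned)(br->size_in_bits - n);
}

/* Read n (1..25) bits MSB-first. Returns -1 and leaves index untouched
 * when the read would leave the buffer, so a caller's loop can stop. */
static long read_bits_checked(BitReader *br, int n)
{
    uint32_t v = 0;
    if (n < 1 || n > 25 || !range_ok(br, n))
        return -1;
    for (int i = 0; i < n; i++) {
        int pos = br->index + i;
        v = (v << 1) | ((br->buf[pos >> 3] >> (7 - (pos & 7))) & 1u);
    }
    br->index += n;
    return (long)v;
}

int main(void)
{
    static const uint8_t data[2] = { 0xA5, 0x3C };  /* constructed input */
    BitReader br = { data, 16, -8 };  /* -8 stands in for a wrapped index */
    printf("one-sided: %d, range: %d\n",
           upper_bound_only_ok(&br, 8), range_ok(&br, 8));
    br.index = 0;
    for (long v; (v = read_bits_checked(&br, 4)) >= 0; )
        printf("nibble 0x%lX\n", v);  /* loop ends at end of buffer */
    return 0;
}
```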