[FFmpeg-devel] [PATCH] lavu/avstring: check for overlong encodings

Nicolas George george at nsup.org
Sat Aug 30 15:06:14 CEST 2014


Le tridi 13 fructidor, an CCXXII, Stefano Sabatini a écrit :
> It is mathematically impossible that the length will be larger than 5.
> Added an assert for that though, alternatively I could add a check.

In ffprobe, the function is used with values coming directly from the file's
metadata: an assert is not acceptable in this case.

Furthermore, the function is capable of decoding the full UTF-8 range, up to
(1<<31)-1, and that takes 6 octets.

Also, I suspect checking for overlong encodings could have a flag just like
the other extraneous checks below.

Regards,

-- 
  Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140830/d600a6da/attachment.asc>


More information about the ffmpeg-devel mailing list