[FFmpeg-devel] [PATCH 01/12] adxdec: validate sample_rate

Michael Niedermayer michael at niedermayer.cc
Wed Oct 26 00:27:10 EEST 2016

On Tue, Oct 25, 2016 at 07:45:25PM +0200, Andreas Cadhalpun wrote:
> On 25.10.2016 12:58, Paul B Mahol wrote:
> > patch(es)have good intent, but better fix is doing/checking it in single place.
> I don't agree.
> In general, validity checks should be where the values are actually read.
> This eliminates the risk that bogus values could cause problems between being set
> and being checked.
> Also, having only a check in a central place is bad for debugging, because it is
> not immediately clear where the bogus value came from, when the check is triggered.
> (I know this from personal experience debugging all the cases triggering the
> assert in av_rescale_rnd.)
> The problem with that approach is that such checks can easily be forgotten, which
> is why I think a check in a central place would make sense in addition to checking
> the individual cases.

some formats may also lack a sample rate like mpeg ps/ts
the fact is known insude the demuxer, generic code after it doesnt
know. Doing the only check after the parser is a bit late OTOH


Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161025/2ee3baf4/attachment.sig>

More information about the ffmpeg-devel mailing list