[FFmpeg-devel] [PATCH 3/3] avcodec/aacpsdsp_template: Fixes integer overflow in ps_add_squares_c()
Ronald S. Bultje
rsbultje at gmail.com
Sun Jul 9 17:08:50 EEST 2017
Hi,
On Sun, Jul 9, 2017 at 4:39 AM, Reimar Döffinger <Reimar.Doeffinger at gmx.de>
wrote:
> On 09.07.2017, at 02:52, "Ronald S. Bultje" <rsbultje at gmail.com> wrote:
> > On Sat, Jul 8, 2017 at 5:17 PM, Michael Niedermayer
> <michael at niedermayer.cc>
> > wrote:
> >
> >>
> >> Does anyone object to this patch ?
> >> Or does anyone have a better idea on how to fix this ?
> >> if not id like to apply it
> >
> >
> > I think Rostislav's point is: why fix it, if it can only happen with
> > corrupt input? The before and after situation is identical: garbage in,
> > garbage out. If the compiler does funny things that makes the garbage
> > slightly differently bad, is that really so devilishly bad? It's still
> > garbage. Is anything improved by this?
>
> The way C works, you MUST assume any undefined behaviour can at any point
> [..] become exploitable.[..] If you don't like that, C is the wrong
> language to use.
I think I've read "the boy who cried wolf" a few too many times to my kids,
but the form of this discussion is currently too polarizing/political for
my taste.
Ronald
More information about the ffmpeg-devel
mailing list