[MPlayer-dev-eng] [PATCH] safe lzo decompression should be used

Rich Felker dalias at aerifal.cx
Sun Apr 9 15:42:32 CEST 2006


On Sun, Apr 09, 2006 at 11:22:00AM +0200, Reimar Döffinger wrote:
> Hi,
> currently some decoders in libmpcodecs use lzo1x_decompress instead of
> lzo1x_decompress_safe, which means that there are no checks at all if
> the data fits in the output buffer. Despite the speed loss I think this
> really needs to be fixed (see attached patch). If speed really matters
> that much for somebody it would still be possible to add an switch to
> configure (like --extra-insecure :-P)

Whoever wrote this lzo decoder is an idiot. Having an unsafe version
is not at all useful and it's certainly possible to make the safe
version just as fast...

Anyway apply this patch and 10l to whoever wrote the code... but
10000000000l to whoever wrote the library and named the functions
lzo1x_decompress and lzo1x_decompress_safe rather than
lzo1x_decompress_idiotic_insecure_shit and lzo1x_decompress.

Rich




More information about the MPlayer-dev-eng mailing list