[MPlayer-dev-eng] [PATCH] safe lzo decompression should be used
Guillaume POIRIER
poirierg at gmail.com
Sun Apr 9 15:41:15 CEST 2006
Hi,
On 4/9/06, Rich Felker <dalias at aerifal.cx> wrote:
> On Sun, Apr 09, 2006 at 11:22:00AM +0200, Reimar Döffinger wrote:
> > Hi,
> > currently some decoders in libmpcodecs use lzo1x_decompress instead of
> > lzo1x_decompress_safe, which means that there are no checks at all if
> > the data fits in the output buffer. Despite the speed loss I think this
> > really needs to be fixed (see attached patch). If speed really matters
> > that much for somebody it would still be possible to add an switch to
> > configure (like --extra-insecure :-P)
>
> Whoever wrote this lzo decoder is an idiot. Having an unsafe version
> is not at all useful and it's certainly possible to make the safe
> version just as fast...
>
> Anyway apply this patch and 10l to whoever wrote the code... but
> 10000000000l to whoever wrote the library and named the functions
> lzo1x_decompress and lzo1x_decompress_safe rather than
> lzo1x_decompress_idiotic_insecure_shit and lzo1x_decompress.
It's Tilmann Bitterberg:
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpcodecs/vd_lzo.c
if you have too much free time, you probably can find his address to
send the pool of cola, and virtually fly over his house with google
map :)
Guillaume
--
I am disillusioned enough to know that no man's opinion on any subject
is worth a damn unless backed up with enough genuine information to
make him really know what he's talking about.
-- H. P. Lovecraft (about the flamewars on FFmpeg and MPlayer-dev mailing lists)
http://www.brainyquote.com/quotes/quotes/h/hplovecr278144.html
More information about the MPlayer-dev-eng
mailing list