[MPlayer-dev-eng] [PATCH] fix SAMI parsing
Howard Chu
hyc at highlandsun.com
Thu Jun 10 02:31:50 CEST 2010
Reimar Döffinger wrote:
> On Wed, Jun 09, 2010 at 08:02:50PM +0200, Reimar Döffinger wrote:
>> On Tue, Jun 08, 2010 at 10:55:08PM -0700, Howard Chu wrote:
>>>> Either way it seems obvious that is a non-productive way of attacking
>>>> our disagreement.
>>>> You have seen my proposal.
>>>> It IMO has at very least the advantage of being future-proof: If other
>>>> cases are added you don't have to take care to always read as much data
>>> >from s as you write to d, instead you just have to make sure you never write
>>>> more that 7 values.
>>>> This seems to me much easier to ensure.
>>>> In addition I think the check itself is more obvious than the memchr for '-'.
>>>> That it eliminates the need to assuming things about strtoul is also a bonus.
>>>> Do you disagree with those? Or do you have some other reason why you prefer
>>>> to do it the way you proposed?
>>>
>>> + else if (!strncmp (s, "&#", 2)) {
>>> + uint32_t c;
>>> + uint8_t tmp;
>>> + q = s+2;
>>> + c = strtoul(q,&s, 0);
>>> + if (c<= 0x7fffffff) PUT_UTF8(c, tmp, *p++ = tmp;)
>>> + if (*s == ';') s++; }
>>
>> So be pedantic, this assumes long is>= 32 bit and two's complement
>
> And certainly doesn't answer my question as to the "why".
> After re-reading the spec I guess it probably won't.
> I still consider it a quite round-about way to check that
> s-q is less than what PUT_UTF8 will write, which in turn
> is already a non-obvious way to ensure that p will not
> go outside the array.
Your approach with a fixed 8-byte check was clearly wrong. It would falsely
detect out-of-buffer space for a wide range of valid/safe inputs, e.g. " ".
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the MPlayer-dev-eng
mailing list