[FFmpeg-devel] [RFC] Sechole in gcc 3.3+ and 4.*

Uoti Urpala uoti.urpala
Mon Apr 7 20:45:49 CEST 2008

On Mon, 2008-04-07 at 19:30 +0100, M?ns Rullg?rd wrote:
> Reimar D?ffinger <Reimar.Doeffinger at stud.uni-karlsruhe.de> writes:
> > On Mon, Apr 07, 2008 at 02:18:16PM +0200, Michael Niedermayer wrote:
> >> Lars T?uber, told me about a sechole in gcc 4.2+
> >> http://www.heise.de/newsticker/GCC-optimiert-Sicherheitspruefungen-weg--/meldung/106097
> >> http://www.kb.cert.org/vuls/id/162289
> >> 
> >> The issue described though is rather harmless.
> >> That is i think a check like buf+len < buf makes little sense.
> >
> > I think a old version of my lzo code had this, so keep your eyes open
> > for constructs like that ;-).
> It's not a problem with unsigned numbers.

In the above "buf" is a pointer. There's no version of pointers that
would be guaranteed to have wrapping behavior (as addition/subtraction
is only guaranteed to work within the "pointed-to object"). So
signedness is not relevant.

I also wonder in which case the issue with with pointers (which is what
is described in the original article) would matter. Even if that check
worked it could only detect cases where the addition wraps completely
around the address space of the machine, but not cases where it "only"
goes beyond the allocated buffer. Maybe that would be in conjunction
with other checks, such as "if (buf+len < buf || buf+len > buf_end)".

More information about the ffmpeg-devel mailing list