[FFmpeg-devel] [PATCH] ff_split_xiph_headers returns broken header_len < 0
Reimar Döffinger
Reimar.Doeffinger
Sat Apr 19 20:07:48 CEST 2008
On Sat, Apr 19, 2008 at 05:29:02PM +0200, Michael Niedermayer wrote:
> On Fri, Apr 18, 2008 at 11:02:56PM +0200, Reimar D?ffinger wrote:
> > }
> > - } else if (extradata[0] == 2) {
> > + } else if (extradata_size >= 3 && extradata_size + 0x1ff > 0 && extradata[0] == 2) {
>
> this check will not work with gcc, have i not been loud enough about gccs
> behaviour with signed overflow checks?
Well, I am not sure whether there is a point in this check or not. Also
I must have missed it, I was only aware of the "problem" when a pointer
is involved.
I can make it extradata_size > INT_MAX - 0x1ff , I just considered it
quite obfuscated.
More information about the ffmpeg-devel
mailing list