[FFmpeg-devel] [PATCH] ff_split_xiph_headers returns broken header_len < 0
Sat Apr 19 21:18:18 CEST 2008
Reimar D?ffinger <Reimar.Doeffinger at stud.uni-karlsruhe.de> writes:
> On Sat, Apr 19, 2008 at 07:11:45PM +0100, M?ns Rullg?rd wrote:
>> > I can make it extradata_size > INT_MAX - 0x1ff , I just considered it
>> > quite obfuscated.
>> Why isn't extradata_size unsigned?
> Don't ask me, but it is consistent with other size fields, and it does
> not really make much of a difference here.
> Though I guess in theory it might mean you can assume extradata_size to
> be between 0 and INT_MAX so if someone does malloc(extradata_size + 20)
> it is less likely to be a problem...
If it were unsigned, your overflow check would work as expected.
mans at mansr.com
More information about the ffmpeg-devel