[FFmpeg-devel] [PATCH] Decoding of raw UTF-8 text from Ogg streams

ogg.k.ogg.k at googlemail.com ogg.k.ogg.k
Sun Aug 16 13:19:06 CEST 2009


> What we definitly want is to provide our users with a normal expected
> display that other players would also present. Here pure UTF-8 may be
> too little, that said external dependencies are generally disliked unless
> the external lib is very well written and my memory of xiph code is not
> at all in that direction. I would even go as far as asking the submitter
> of a wraper around yet another xiph lib to take a quick look at its
> security (if it like other libs depend on checksum checks to prevent
> crashes, i would not accept a wraper using it, nor would i if there
> is concern about its securty otherwise)

Since I wrote it, I'd be judge and party, but I was conscious of security.
While I do not claim to be aware of all possible problems, the lib does
check errors, check the incoming bitstream for sane values, tries to
avoid integer overflows (though I'm not fluent with those), and even has
a 'anti DoS' mode where excessive sizes are rejected. The code also
was fuzz tested (and tests run cleanly with Valgrind).

I'm sure problems will be found though, reports welcome.

I guess a first port of call is a UTF-8 decoder. I'll send that after we're all
done with the ASS/SSA decoder and see where it takes us.

Thanks



More information about the ffmpeg-devel mailing list