[FFmpeg-devel] ADPCM task (was Re: files in incoming)
Fri Jan 30 09:50:25 CET 2009
On Fri, Jan 30, 2009 at 08:06:04AM +0100, Stefan Gehrer wrote:
> @@ -1303,6 +1304,7 @@
> srcC = src + (avctx->channels-channel) * 4;
> srcC += (big_endian ? bytestream_get_be32(&src)
> : bytestream_get_le32(&src));
> + if ((srcC > src_end - 4) || (srcC < src)) break;
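Review bot: the `(srcC < src)` guard added here runs after the stream-supplied 32-bit value has already been added to `srcC`; if that addition overflows the pointer the behaviour is undefined, and a compiler may drop the comparison entirely, so the check cannot be relied on to reject a huge offset. Read the value into an integer first, fold in `(avctx->channels-channel) * 4`, and bound-check that integer against `src_end - src` before forming `srcC`. Note also that `src` has already been advanced by 4 by `bytestream_get_be32`/`bytestream_get_le32` when the comparison runs, so the lower bound it checks against is the post-read position, not the base `srcC` was computed from.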
Unfortunately no, a C compiler is allowed to assume that pointer
operations will never overflow, thus removing the (srcC < src) check.
That's why the offset variable in the previous patch would have been a
good idea, with
int offset = (big_endian ? bytestream_get_be32(&src)
: bytestream_get_le32(&src)) +
(avctx->channels-channel) * 4;
you could have checked (offset < 0 || offset >= src_end - src - 4)
That is the best idea I had so far.
If there is the slightest reason to assume that offset can be > 2GB a
different check might make sense.
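The check described above, done on an integer rather than on a pointer that may already have wrapped, as an added stand-alone example; this is not FFmpeg code and not the patch under discussion. `read_u32` is a hypothetical stand-in for `bytestream_get_be32`/`bytestream_get_le32`, `channel_ptr` and `demo_case` are assumed names, the 64-byte buffer is constructed for the demonstration, and the offset is widened to 64 bits so that a value above 2GB is also rejected instead of wrapping.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for bytestream_get_be32/le32: read a 32-bit value
 * at *p and advance the cursor past it. */
static uint32_t read_u32(const uint8_t **p, int big_endian)
{
    const uint8_t *b = *p;
    uint32_t v = big_endian
        ? ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3]
        : ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) | ((uint32_t)b[1] << 8) | b[0];
    *p += 4;
    return v;
}

/* Resolve the per-channel pointer srcC = base + entry + (channels-channel)*4,
 * but validate the combined offset as an integer before any pointer
 * arithmetic happens. Returns NULL when the table entry is unreadable or the
 * resulting position does not leave 4 bytes before src_end. *cursor is
 * advanced past the 4-byte table entry, as the original src is. */
static const uint8_t *channel_ptr(const uint8_t **cursor, const uint8_t *src_end,
                                  int channels, int channel, int big_endian)
{
    const uint8_t *base = *cursor;           /* position srcC is computed from */
    if (src_end - base < 4)                  /* the table entry itself must fit */
        return NULL;
    uint32_t entry = read_u32(cursor, big_endian);   /* advances *cursor by 4 */
    /* 64-bit arithmetic: neither the unsigned entry nor the channel term can wrap */
    int64_t offset = (int64_t)entry + (int64_t)(channels - channel) * 4;
    int64_t avail  = (int64_t)(src_end - base);
    /* Reject before touching the pointer: need offset >= 0 and 4 bytes at base+offset */
    if (offset < 0 || offset > avail - 4)
        return NULL;
    return base + offset;
}

/* Constructed test case: a 64-byte buffer whose first four bytes hold `entry`
 * in the chosen byte order, resolved for channel 0 of 2 (channel term = 8).
 * Returns the byte index of the resolved pointer, or -1 if rejected. */
static long demo_case(uint32_t entry, int big_endian)
{
    uint8_t buf[64];
    memset(buf, 0xAA, sizeof buf);
    for (int i = 0; i < 4; i++)
        buf[i] = big_endian ? (uint8_t)(entry >> (24 - 8 * i)) : (uint8_t)(entry >> (8 * i));
    const uint8_t *cursor = buf;
    const uint8_t *p = channel_ptr(&cursor, buf + sizeof buf, 2, 0, big_endian);
    return p ? (long)(p - buf) : -1L;
}

int main(void)
{
    printf("entry 16 (BE)        -> %ld\n", demo_case(16u, 1));          /* 24 */
    printf("entry 16 (LE)        -> %ld\n", demo_case(16u, 0));          /* 24 */
    printf("entry 52 (last ok)   -> %ld\n", demo_case(52u, 1));          /* 60 */
    printf("entry 53 (one past)  -> %ld\n", demo_case(53u, 1));          /* -1 */
    printf("entry 0xFFFFFFF0     -> %ld\n", demo_case(0xFFFFFFF0u, 1));  /* -1 */
    return 0;
}
```

The last case is the one a pointer-based check can miss: added to a 32-bit pointer, 0xFFFFFFF0 plus the channel term wraps to a small address, and the compiler may have discarded the `srcC < src` comparison that was supposed to notice. Done on an integer, it is simply larger than the bytes available and is rejected.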