[FFmpeg-devel] get_bits overrun checking from Google Chrome patches

Robert Swain robert.swain
Tue Sep 8 02:29:27 CEST 2009


It seems there's an issue with some code in the AAC decoder where
parsing a file can cause overrunning of the end of the file by calling
get_bits() when there are not enough bits left to get.

Google have made this patch to add some overrun checking to get_bits():


To quote their comments:

+    /* Ugly, but clients of this bit reader do not seem to check for enough
+     * data before calling. So we'll return 0's on overrun rather than crashing
+     * with random read faults.
+     */
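Review bot: returning zeros on overrun only converts a read fault into silent garbage, so the comment should state that the caller must check buffer_exhausted after every read that matters; otherwise a loop such as the AAC `while ((elem_type = get_bits(&gb, 3)) != TYPE_END)` keeps treating the returned zero as an element type and, if TYPE_END is non-zero, never terminates once the input is truncated. Also document that the check only applies when buffer_enforcing has been set after init_get_bits(), since a reader of this code would otherwise assume the protection is always on.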

An example of the application of this is to set buffer_enforcing after
calling init_get_bits() and then check buffer_exhausted after calling
get_bits() and erroring out appropriately.

The case in the AAC decoder is:

while ((elem_type = get_bits(&gb, 3)) != TYPE_END) {

I'm actually a little surprised we didn't spot and remedy this
earlier. Any suggestions for any cleaner solutions than Google's

Best regards,
