[FFmpeg-devel] get_bits overrun checking from Google Chrome patches

Robert Swain robert.swain
Tue Sep 8 18:50:48 CEST 2009

2009/9/8 Alex Converse <alex.converse at gmail.com>:
> On Tue, Sep 8, 2009 at 4:21 AM, Reimar
> D?ffinger<Reimar.Doeffinger at gmx.de> wrote:
>> On Tue, Sep 08, 2009 at 01:29:27AM +0100, Robert Swain wrote:
>>> I'm actually a little surprised we didn't spot and remedy this
>>> earlier. Any suggestions for any cleaner solutions than Google's
>>> proposition?
>> Yes, fix the codecs to explicitly check for buffer end at the appropriate
>> (codec-specific!) points, taking advantage of the fact that buffers are
>> 0-padded.
> It's fairly simple to include a get_bits_count inside the loop. I just
> don't know how much we need to pad, the maximum size of a rogue syntax
> element.

But can the maximum size of a rogue syntax element be larger than zero
padding at the end of the packet buffer? If so then I guess we need
some finer granularity of checking within the loop/parser functions.


More information about the ffmpeg-devel mailing list