[FFmpeg-devel] get_bits overrun checking from Google Chrome patches

Michael Niedermayer michaelni
Wed Sep 9 02:04:59 CEST 2009

On Tue, Sep 08, 2009 at 05:50:48PM +0100, Robert Swain wrote:
> 2009/9/8 Alex Converse <alex.converse at gmail.com>:
> > On Tue, Sep 8, 2009 at 4:21 AM, Reimar
> > Döffinger<Reimar.Doeffinger at gmx.de> wrote:
> >> On Tue, Sep 08, 2009 at 01:29:27AM +0100, Robert Swain wrote:
> >>> I'm actually a little surprised we didn't spot and remedy this
> >>> earlier. Any suggestions for any cleaner solutions than Google's
> >>> proposition?
> >>
> >> Yes, fix the codecs to explicitly check for buffer end at the appropriate
> >> (codec-specific!) points, taking advantage of the fact that buffers are
> >> 0-padded.
> >
> > It's fairly simple to include a get_bits_count inside the loop. I just
> > don't know how much we need to pad, the maximum size of a rogue syntax
> > element.
> But can the maximum size of a rogue syntax element be larger than zero
> padding at the end of the packet buffer? If so then I guess we need
> some finer granularity of checking within the loop/parser functions.

or increase padding (no, I am not saying that is what I want, I just wanted
to mention it as no one seems to have yet in the thread ...)

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
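A worked illustration of the approach discussed above (codec-specific end-of-buffer checks via get_bits_count(), with zero padding making the unchecked reads themselves harmless), added here and not part of the thread or of FFmpeg: the bit reader, the toy syntax, the padding size and the sample streams are all constructed for this example.

```c
#include <stdint.h>

/* Hypothetical minimal MSB-first bit reader in the spirit of the get_bits()
 * idiom; it is NOT FFmpeg's real implementation.  Reads are deliberately
 * unchecked: safety comes from the caller guaranteeing PAD_BYTES of zero
 * bytes after the payload, plus explicit checks in the parser. */
#define PAD_BYTES     8                /* 64 bits of zero padding (assumed) */
#define MAX_ELEM_BITS (1 + 4 + 15)     /* largest element of the toy syntax below */
typedef char pad_covers_rogue_element[MAX_ELEM_BITS <= PAD_BYTES * 8 ? 1 : -1];

typedef struct {
    const uint8_t *buf;
    int size_in_bits;                  /* payload bits, padding excluded */
    int index;                         /* current bit position */
} BitReader;

static void init_get_bits(BitReader *br, const uint8_t *buf, int payload_bytes) {
    br->buf = buf; br->size_in_bits = payload_bytes * 8; br->index = 0;
}
static int get_bits_count(const BitReader *br) { return br->index; }

static unsigned get_bits(BitReader *br, int n) {          /* n <= 24 */
    unsigned v = 0;
    for (int i = 0; i < n; i++, br->index++)
        v = (v << 1) | ((br->buf[br->index >> 3] >> (7 - (br->index & 7))) & 1);
    return v;
}

/* Toy syntax (constructed): repeat { more(1); if (!more) stop; len(4); value(len) }.
 * Returns the number of values parsed, or -1 if the parser ran past the payload
 * (truncated or corrupt stream).  The check runs once per element, so any overrun
 * is at most MAX_ELEM_BITS, which the zero padding must cover. */
static int parse_elements(const uint8_t *buf, int payload_bytes, unsigned *out, int max_out) {
    BitReader br;
    int n = 0;
    init_get_bits(&br, buf, payload_bytes);
    while (n < max_out) {
        if (!get_bits(&br, 1))
            break;
        unsigned len = get_bits(&br, 4);
        unsigned val = get_bits(&br, len);
        if (get_bits_count(&br) > br.size_in_bits)  /* element ended inside the padding */
            return -1;
        out[n++] = val;
    }
    /* The terminating flag itself may also have been read from the padding. */
    return get_bits_count(&br) > br.size_in_bits ? -1 : n;
}

/* Constructed sample streams, each followed by PAD_BYTES of zeros. */
static const uint8_t sample_ok[]    = {0x9D, 0x96, 0,0,0,0,0,0,0,0}; /* 1 0011 101 | 1 0010 11 | 0 */
static const uint8_t sample_cut[]   = {0x9D, 0,0,0,0,0,0,0,0};       /* stop flag falls in padding */
static const uint8_t sample_rogue[] = {0x9D, 0xF0, 0,0,0,0,0,0,0,0}; /* len=14 value runs into padding */
```

With the per-element check, the truncated and rogue streams are rejected even though the zero padding made every read itself memory-safe.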