[FFmpeg-devel] [PATCH]Possible bug-fix by Google

Frank Barchard fbarchard
Fri Mar 26 00:56:58 CET 2010


On Thu, Mar 25, 2010 at 11:12 AM, Baptiste Coudurier <
baptiste.coudurier at gmail.com> wrote:

> On 03/25/2010 10:17 AM, Frank Barchard wrote:
>
>> This is a security patch from last year.  With current mov.c code it still
>> seems necessary.
>>
>
> It's still wrong and the loop counter is finished, it will just take a long
> time to finish, I hardly call that a "security" fix.


The patch checks for a valid size field.
It's not strictly a security patch... I checked the code review, and the
security guy called it a bug fix for correctness.
If you don't check the size, the 'next' can either not advance, or advance
into invalid data, causing a seek and read out of bounds.
It depends on the application's ByteIOContext implementation being robust.
Is your concern that semi-corrupt data causes a complete failure, and you'd
prefer a graceful warning, then try to continue?
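The size check discussed above, as an added example that is neither the patch nor FFmpeg's mov.c: a minimal C atom walker over constructed MOV/MP4 atom headers that rejects a size field which would leave `next` stuck or push it past the end of the buffer. Function names and the sample byte strings are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* A MOV/MP4 atom header is a 32-bit big-endian size followed by a 4-byte type.
 * The size includes the header, so a well-formed atom has size >= 8; size 0
 * means "extends to end of file" and size 1 means a 64-bit size follows. */
enum { ATOM_ERR_SHORT = -1, ATOM_ERR_SIZE = -2 };

static uint32_t rd32be(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Walk top-level atoms in buf. Returns the number of atoms seen, or a
 * negative error when a size field would not advance or would run out of
 * bounds; without this check 'next' could stall or seek past the data. */
int walk_atoms(const uint8_t *buf, size_t len) {
    size_t pos = 0;
    int seen = 0;
    while (pos < len) {
        if (len - pos < 8) return ATOM_ERR_SHORT;      /* truncated header */
        uint64_t size = rd32be(buf + pos);
        size_t hdr = 8;
        if (size == 0) {
            size = len - pos;                           /* atom runs to end */
        } else if (size == 1) {                         /* 64-bit largesize */
            if (len - pos < 16) return ATOM_ERR_SHORT;
            size = ((uint64_t)rd32be(buf + pos + 8) << 32) | rd32be(buf + pos + 12);
            hdr = 16;
        }
        /* the check at issue: next must move forward and stay inside buf */
        if (size < hdr || size > len - pos) return ATOM_ERR_SIZE;
        seen++;
        pos += (size_t)size;                            /* next = pos + size */
    }
    return seen;
}

/* Constructed samples (not real files): an 'ftyp' atom of 16 bytes followed
 * by an 8-byte 'free' atom; a 'moov' header claiming size 4; an 'mdat'
 * header claiming 4096 bytes with only 4 present; a 5-byte truncated header. */
static const uint8_t sample_good[]  = {0,0,0,16,'f','t','y','p','i','s','o','m',0,0,2,0,
                                       0,0,0,8,'f','r','e','e'};
static const uint8_t sample_small[] = {0,0,0,4,'m','o','o','v'};
static const uint8_t sample_big[]   = {0,0,16,0,'m','d','a','t',1,2,3,4};
static const uint8_t sample_trunc[] = {0,0,0,8,'f'};
```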
