[FFmpeg-devel] [PATCH] *alloc(type)

Reimar Döffinger Reimar.Doeffinger
Sat Nov 20 11:07:36 CET 2010


On Sat, Nov 20, 2010 at 04:37:30AM +0100, Michael Niedermayer wrote:
> patchset below fixes the type used in malloc and co
> The sense behind this patch is that feeding things that don't fit in unsigned
> int into *alloc() can lead to successful allocation of too small arrays which
> is pretty bad.
> There are probably more functions that should be changed like av_new_packet()
> but I had to start somewhere and will look into the others too if no one else
> does.
> Note, I will apply this in a few days if there are no objections

This has some side-effects I do not like.
For example, allocating more than 4 GB now becomes possible, even
though such an allocation is almost certain to be a bug.
Behaviour starts to differ between 32 and 64 bit (e.g. malloc
with a 64 bit variable now has exactly the issue you want to
avoid on 32 bit but is fine on 64 bit).
Wouldn't it be better to use uint64_t and add an explicit fail if
the value is larger than SIZE_MAX (actually I'd prefer an explicit
fail if it is either larger than 1 GB or larger than SIZE_MAX, but
I understand that is rather questionable)?
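
The truncation hazard and the explicit-fail check discussed in this thread, as an added example that is not part of the original message or of FFmpeg's code. The names `truncated_size`, `checked_malloc`, `checked_malloc_array` and `ALLOC_CAP` are hypothetical, and the narrow parameter is modelled with `uint32_t` on the assumption that `unsigned int` is 32 bits wide.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap, taken from the 1 GB figure suggested in the reply. */
#define ALLOC_CAP (UINT64_C(1) << 30)

/* The hazard: a size passed through a 32-bit parameter is reduced
 * modulo 2^32, so the allocator sees a small, valid-looking request.
 * uint32_t stands in for unsigned int (assumed 32 bits wide). */
static uint32_t truncated_size(uint64_t wanted)
{
    return (uint32_t)wanted;
}

/* Explicit-fail allocator: the parameter is uint64_t on every platform,
 * so the caller's value arrives intact and is rejected here instead of
 * being narrowed on 32 bit and accepted on 64 bit. */
static void *checked_malloc(uint64_t size)
{
    if (size > SIZE_MAX || size > ALLOC_CAP)
        return NULL;
    return malloc((size_t)size);
}

/* Array form: refuse nmemb * elsize if the product would wrap, before
 * the multiplication is carried out. */
static void *checked_malloc_array(uint64_t nmemb, uint64_t elsize)
{
    if (elsize != 0 && nmemb > UINT64_MAX / elsize)
        return NULL;
    return checked_malloc(nmemb * elsize);
}

int main(void)
{
    /* Constructed sample value: 4 GiB + 16 bytes. */
    uint64_t wanted = (UINT64_C(1) << 32) + 16;
    void *p = checked_malloc(wanted);

    printf("requested %llu bytes\n", (unsigned long long)wanted);
    printf("32-bit parameter would see %u bytes\n",
           (unsigned)truncated_size(wanted));
    printf("checked_malloc: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```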


