[FFmpeg-devel] [PATCH] Fix a couple of errors with bad Vorbis headers

Reimar Döffinger Reimar.Doeffinger
Thu Jan 6 11:44:30 CET 2011


On 6 jan 2011, at 03:32, Frank Barchard <fbarchard at google.com> wrote:
> Reimar,
> On Wed, Dec 29, 2010 at 7:01 AM, Reimar Döffinger
> <Reimar.Doeffinger at gmx.de> wrote:
> 
>> On Tue, Dec 28, 2010 at 08:19:03PM -0800, Alex Converse wrote:
>>> @@ -536,6 +536,12 @@ static int vorbis_parse_setup_hdr_floors
>>>             rangebits = get_bits(gb, 4);
>>>             floor_setup->data.t1.list[0].x = 0;
>>>             floor_setup->data.t1.list[1].x = (1 << rangebits);
>>> +            if (floor_setup->data.t1.list[1].x > vc->blocksize[1] / 2) {
>>> +                av_log(vc->avccontext, AV_LOG_ERROR,
>>> +                       "Floor value is too large for blocksize: %d
>> (%d)\n",
>>> +                       floor_setup->data.t1.list[1].x, vc->blocksize[1]
>> / 2);
>>> +                return -1;
>>> +            }
>>> 
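Review bot: The added check runs after floor_setup->data.t1.list[1].x has already been set to (1 << rangebits) on the line above it, so on the error path the function returns -1 with the out-of-range value still stored in floor_setup. Consider comparing (1 << rangebits) against vc->blocksize[1] / 2 first and assigning list[1].x only once the value passes, so the failing path leaves no oversized value in the setup data.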
>> 
>> You leave the invalid value in there, this is quite risky IMO.
>> 
> 
> Are you suggesting adding:
> floor_setup->data.t1.list[1].x = 0;
> before the return -1 ?

For example. However, more consistent with the other checks in the file would be to first check (without assigning) and only do any assignment at all if it is valid. In theory that has the advantage that a previous valid value would stay around; however, depending on the other assignments done before, it might also be wrong to do it like this...


