[FFmpeg-devel] [PATCH] indeo3: add out-of-buffer write check

Stefano Sabatini stefano.sabatini-lala at poste.it
Wed May 18 23:23:08 CEST 2011 

On date Wednesday 2011-05-18 12:29:20 +0200, Maxim encoded:
> Stefano Sabatini schrieb:
> > ...
> >
> > In practice cur_lp is always a pointer to uint32_t, so is is always
> > incremented by 4 units. A better solution would involve to fix the
> > code logic, but that would require a better understanding of the
> > codec.
> >   
> 
> Just a notice: last year I submitted a replacement for that decoder. My
> code was far from the shape of inclusion und therefore didn't pass the
> review process immediately. The main advantages of the new code are very
> small size of lookup tables, good readability and better error/invalid
> data handling.
 
> I'm still working on improving my code. I just want to say that this
> work is as far as complete, it needs some cosmetic cleanups and maybe
> some refractions because it was written in a hurry.

That's great news :). 

> Therefore, I suggest to switch to the new code, improve it and drop the
> old one instead of wasting time fixing that obfuscated and potentially
> broken source. I'm sure you'll spend less time and will gain
> significantly better results...

Anyway I suggest to apply anyway the attached patchset (all the
already posted patches but the iv_free_func() change which is
*slightly* controversial), so I can close the issue, having a less
broken old version in the repository is still a good idea and I don't
plan to spend more time on the old code.
-- 
FFmpeg = Forgiving and Furious Mastering Powered Elitist Gadget
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-indeo3-add-file-doxy-and-a-link-to-multimedia-wiki-d.patch
Type: text/x-diff
Size: 1127 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110518/67c22173/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-indeo3-remove-unnecessary-includes.patch
Type: text/x-diff
Size: 679 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110518/67c22173/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-indeo3-release-buffer-in-indeo3_decode_end.patch
Type: text/x-diff
Size: 684 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110518/67c22173/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-indeo3-add-out-of-buffer-write-check.patch
Type: text/x-diff
Size: 1475 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110518/67c22173/attachment-0003.bin>

More information about the ffmpeg-devel mailing list