[FFmpeg-devel] [PATCH] Checked get_bits.h functions to prevent overread
fenrir at elivagar.org
Fri Sep 9 01:05:54 CEST 2011
After trying some fuzzing on libavcodec, it seems that a lot of decoders
does not check (or not enough) for buffer overread which can lead for some
to a segfault.
I attached a patch that make get_bits.h function checked for overread by
default but let safe decoders disabling the checks at compilation time by
defining UNCHECK_BITSTREAM_READER before including get_bits.h.
If such patch would be including, I would gladly provide a patch
adding the #define UNCHECK_BITSTREAM_READER to the decoder that are 'safe'.
I haven't yet benchmark the performance loss but will do so.
One decoder breaks with this patch: mpegaudio. It seems to do weird things
with two get bit context and switching them while decoding. I will try to
have a look at it (unless someone would volunteer to explain me what it is
Also, I haven't implemented the checks for A32_BITSTREAM_READER. But I am not
sure when (or even if) this reader is used.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2830 bytes
Desc: not available
More information about the ffmpeg-devel