[FFmpeg-devel] [PATCH 3/3] avcodec/aacpsdsp_template: Fixes integer overflow in ps_add_squares_c()

Reimar Döffinger Reimar.Doeffinger at gmx.de
Sun Jul 9 11:39:32 EEST 2017

On 09.07.2017, at 02:52, "Ronald S. Bultje" <rsbultje at gmail.com> wrote:
> On Sat, Jul 8, 2017 at 5:17 PM, Michael Niedermayer <michael at niedermayer.cc>
> wrote:
>> Does anyone object to this patch?
>> Or does anyone have a better idea on how to fix this?
>> If not, I'd like to apply it.
> I think Rostislav's point is: why fix it, if it can only happen with
> corrupt input? The before and after situation is identical: garbage in,
> garbage out. If the compiler does funny things that makes the garbage
> slightly differently bad, is that really so devilishly bad? It's still
> garbage. Is anything improved by this?

The way C works, you MUST assume any undefined behaviour can at any point (different compiler, compiler options, ...) become exploitable.
You can try to justify it with assumptions (but even that is usually very hard, is and will the value really never be used in a condition affecting, however indirectly, a pointer value for example?), but those are just arbitrary assumptions not backed by any standard.
If you don't like that, C is the wrong language to use.
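
Added example, not part of the original message and not FFmpeg's code: a hypothetical fixed-point sum-of-squares accumulator in three forms, showing what "fixing" the overflow means in C terms. The function names and the input value 46341 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical energy accumulator (names are assumptions, not FFmpeg code). */

/* Before: plain int32_t arithmetic. Corrupt input such as re = 46341 makes
 * re * re exceed INT32_MAX, which is undefined behaviour: the compiler may
 * assume it never happens and optimise later checks on that basis. */
int32_t acc_squares_ub(int32_t acc, int32_t re, int32_t im)
{
    return acc + re * re + im * im;
}

/* Defined wraparound: unsigned arithmetic is specified modulo 2^32. The final
 * conversion back to int32_t is implementation-defined (two's complement wrap
 * on mainstream compilers), not undefined. Still garbage out, but the same
 * garbage on every compiler and optimisation level. */
int32_t acc_squares_wrap(int32_t acc, int32_t re, int32_t im)
{
    uint32_t r = (uint32_t)re, i = (uint32_t)im;
    return (int32_t)((uint32_t)acc + r * r + i * i);
}

/* Saturating: widen so no intermediate can overflow, then clamp. */
int32_t acc_squares_sat(int32_t acc, int32_t re, int32_t im)
{
    /* each square <= 2^62, so their sum <= 2^63 and fits in uint64_t */
    uint64_t e = (uint64_t)((int64_t)re * re) + (uint64_t)((int64_t)im * im);
    uint64_t room = (uint64_t)((int64_t)INT32_MAX - acc); /* 0 .. 2^32-1 */
    return e > room ? INT32_MAX : (int32_t)(acc + (int64_t)e);
}

int main(void)
{
    /* constructed "corrupt" sample: 46341^2 = 2147488281 > INT32_MAX */
    printf("wrap: %d\n", acc_squares_wrap(0, 46341, 0));
    printf("sat:  %d\n", acc_squares_sat(0, 46341, 0));
    return 0;
}
```

Building the first variant with `-fsanitize=signed-integer-overflow` (GCC or Clang) reports the overflow at run time, which is a practical way to find such cases under fuzzing.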
