[FFmpeg-devel] [PATCH] lavu/avstring: check for overlong encodings
Stefano Sabatini
stefasab at gmail.com
Sat Aug 30 15:12:43 CEST 2014
On date Saturday 2014-08-30 15:06:14 +0200, Nicolas George encoded:
> Le tridi 13 fructidor, an CCXXII, Stefano Sabatini a écrit :
> > It is mathematically impossible that the length will be larger than 5.
> > Added an assert for that though, alternatively I could add a check.
>
> In ffprobe, the function is used with values coming directly from the file's
> metadata: an assert is not acceptable in this case.
Unless there is an error in the code, a tail length of 6 bytes should
never be reached.
> Furthermore, the function is capable of decoding the full UTF-8 range, up to
> (1<<31)-1, and that takes 6 octets.
There is a separate check in the function:
if (code > 0x10FFFF &&
!(flags & AV_UTF8_FLAG_ACCEPT_INVALID_BIG_CODES))
ret = AVERROR(EILSEQ);
> Also, I suspect checking for overlong encodings could have a flag just like
> the other extraneous checks below.
I believe overlong encodings are illegal, and thus should be never
accepted.
--
FFmpeg = Formidable and Free Mastering Political Evil Gorilla
More information about the ffmpeg-devel
mailing list