[FFmpeg-devel] [PATCH] lavu/avstring: check for overlong encodings

Nicolas George george at nsup.org
Sat Aug 30 15:30:02 CEST 2014

Le tridi 13 fructidor, an CCXXII, Stefano Sabatini a écrit :
> Unless there is an error in the code, a tail length of 6 bytes should
> never be reached.
> > Furthermore, the function is capable of decoding the full UTF-8 range, up to
> > (1<<31)-1, and that takes 6 octets.
> There is a separate check in the function:

Sorry, I missed the fact that tail_len does not count the initial octet. The
assert should be ok then.

> I believe overlong encodings are illegal, and thus should be never
> accepted.

As you wish, a flag can be added later anyway if the default is to reject.


  Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140830/dbf4e610/attachment.asc>

More information about the ffmpeg-devel mailing list