[FFmpeg-devel] [PATCH 3/3] avcodec/aacpsdsp_template: Fixes integer overflow in ps_add_squares_c()

Michael Niedermayer michael at niedermayer.cc
Sun Jul 9 20:04:09 EEST 2017


On Sun, Jul 09, 2017 at 10:08:50AM -0400, Ronald S. Bultje wrote:
> Hi,
> 
> On Sun, Jul 9, 2017 at 4:39 AM, Reimar Döffinger <Reimar.Doeffinger at gmx.de>
> wrote:
> 
> > On 09.07.2017, at 02:52, "Ronald S. Bultje" <rsbultje at gmail.com> wrote:
> > > On Sat, Jul 8, 2017 at 5:17 PM, Michael Niedermayer
> > <michael at niedermayer.cc>
> > > wrote:
> > >
> > >>
> > >> Does anyone object to this patch ?
> > >> Or does anyone have a better idea on how to fix this ?
> > >> if not I'd like to apply it
> > >
> > >
> > > I think Rostislav's point is: why fix it, if it can only happen with
> > > corrupt input? The before and after situation is identical: garbage in,
> > > garbage out. If the compiler does funny things that makes the garbage
> > > slightly differently bad, is that really so devilishly bad? It's still
> > > garbage. Is anything improved by this?
> >
> > The way C works, you MUST assume any undefined behaviour can at any point
> > [..] become exploitable.[..] If you don't like that, C is the wrong
> > language to use.
> 
> 
> I think I've read "the boy who cried wolf" a few too many times to my kids,
> but the form of this discussion is currently too polarizing/political for
> my taste.

I don't know about polarizing, it quite possibly is, but
if anyone believes this is just political or theoretical and it's safe to
trigger undefined behavior if the output is not used, here are some
examples found after 30 sec of Google use where that is not so:
https://blogs.msdn.microsoft.com/oldnewthing/20140627-00/?p=633
https://blog.regehr.org/archives/759

This is intended "for the archives" and not intended to pull
anyone into a discussion they don't want to be in.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
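
Added example, not part of the original message and not FFmpeg's code: a sum-of-squares accumulation of the kind the patch subject names, written two ways that avoid signed overflow, one with defined wraparound and one that rejects the input. The function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a fixed-point "add squares" loop:
 * dst[i] += re*re + im*im. Written in plain int, large (corrupt) inputs make
 * this a signed overflow, which is undefined behaviour in C. */

/* Variant 1: defined wraparound. The squares are summed in 64-bit unsigned
 * arithmetic and the result is reduced modulo 2^32. */
static void add_squares_wrap(int32_t *dst, const int32_t (*src)[2], size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int64_t re = src[i][0], im = src[i][1];
        uint64_t sq = (uint64_t)(re * re) + (uint64_t)(im * im); /* <= 2^63 */
        /* uint32_t -> int32_t is implementation-defined (modular on GCC and
         * Clang), but it is never undefined behaviour. */
        dst[i] = (int32_t)(uint32_t)((uint32_t)dst[i] + sq);
    }
}

/* Variant 2: treat overflow as invalid input. Returns 0 on success, -1 at the
 * first element whose sum would not fit; that element is left unchanged
 * (elements before it have already been updated). */
static int add_squares_checked(int32_t *dst, const int32_t (*src)[2], size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int64_t re = src[i][0], im = src[i][1];
        uint64_t sq = (uint64_t)(re * re) + (uint64_t)(im * im);
        /* Headroom left in dst[i]; always in the range 0 .. 2^32-1. */
        uint64_t room = (uint64_t)((int64_t)INT32_MAX - dst[i]);
        if (sq > room)
            return -1;
        dst[i] = (int32_t)(dst[i] + (int64_t)sq);
    }
    return 0;
}

int main(void)
{
    /* Constructed input: 46341^2 = 2147488281 exceeds INT32_MAX. */
    const int32_t big[1][2] = { { 46341, 0 } };
    int32_t a[1] = { 0 }, b[1] = { 0 };
    add_squares_wrap(a, big, 1);
    printf("wrap: %d  checked rc: %d\n", (int)a[0], add_squares_checked(b, big, 1));
    return 0;
}
```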