[FFmpeg-devel] [PATCH] ff_split_xiph_headers returns broken header_len < 0
Måns Rullgård
mans
Sat Apr 19 20:11:45 CEST 2008
Reimar Döffinger <Reimar.Doeffinger at stud.uni-karlsruhe.de> writes:
> On Sat, Apr 19, 2008 at 05:29:02PM +0200, Michael Niedermayer wrote:
>> On Fri, Apr 18, 2008 at 11:02:56PM +0200, Reimar Döffinger wrote:
>> > }
>> > - } else if (extradata[0] == 2) {
>> > + } else if (extradata_size >= 3 && extradata_size + 0x1ff > 0 && extradata[0] == 2) {
>>
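Review bot: on the `+` line, `extradata_size + 0x1ff > 0` tests for overflow after the signed addition has already happened. If extradata_size is a signed int, that overflow is undefined behaviour in C, so the compiler is allowed to assume the sum is positive once `extradata_size >= 3` holds and drop the comparison. Compare against the limit before adding, for example accept only `extradata_size <= INT_MAX - 0x1ff`, or make the size unsigned so that wraparound is defined.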
>> this check will not work with gcc, have I not been loud enough about gcc's
>> behaviour with signed overflow checks?
>
> Well, I am not sure whether there is a point in this check or not. Also
> I must have missed it, I was only aware of the "problem" when a pointer
> is involved.
There is no problem with pointers, or rather, with pointers the
problem is that the check is wrong in the first place, whatever the
compiler does.
> I can make it extradata_size > INT_MAX - 0x1ff , I just considered it
> quite obfuscated.
Why isn't extradata_size unsigned?
--
Måns Rullgård
mans at mansr.com
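
The guards discussed in this thread side by side, as an added example that is not part of the original message or of FFmpeg's code: the post-addition test from the patch, the `INT_MAX - 0x1ff` comparison written as the accept condition, and an unsigned variant. The function names, the `MARGIN` macro and the sample bytes are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define MARGIN 0x1ff /* constant from the patch line quoted above */

/* Constructed sample: only byte 0 (the format marker 2) is read here. */
const unsigned char sample[3] = { 2, 0, 0 };

/* Patch form: tests for overflow after the signed addition. Overflow of
 * int is undefined, so once size >= 3 is known the compiler may treat
 * size + MARGIN > 0 as always true and drop it. */
int guard_after_add(const unsigned char *extradata, int size)
{
    return size >= 3 && size + MARGIN > 0 && extradata[0] == 2;
}

/* The INT_MAX - 0x1ff comparison from the thread, as the accept
 * condition: compare against the limit before adding, so the addition
 * that follows cannot overflow. */
int guard_before_add(const unsigned char *extradata, int size)
{
    return size >= 3 && size <= INT_MAX - MARGIN && extradata[0] == 2;
}

/* Unsigned size, as the closing question suggests: wraparound is
 * defined, so testing the sum after the addition is a valid check. */
int guard_unsigned(const unsigned char *extradata, unsigned size)
{
    unsigned sum = size + MARGIN; /* wraps modulo UINT_MAX + 1 */
    return size >= 3 && sum >= size && extradata[0] == 2;
}

int main(void)
{
    /* guard_after_add is only called with a non-overflowing size. */
    printf("after_add(3)            = %d\n", guard_after_add(sample, 3));
    printf("before_add(INT_MAX)     = %d\n", guard_before_add(sample, INT_MAX));
    printf("before_add(INT_MAX-511) = %d\n", guard_before_add(sample, INT_MAX - MARGIN));
    printf("unsigned(UINT_MAX)      = %d\n", guard_unsigned(sample, UINT_MAX));
    return 0;
}
```
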