[FFmpeg-devel] ADPCM task (was Re: files in incoming)
Reimar Döffinger
Reimar.Doeffinger
Fri Jan 30 19:34:05 CET 2009
On Fri, Jan 30, 2009 at 06:55:04PM +0100, Stefan Gehrer wrote:
> Reimar D?ffinger wrote:
> > On Fri, Jan 30, 2009 at 08:06:04AM +0100, Stefan Gehrer wrote:
> >> @@ -1303,6 +1304,7 @@
> >> srcC = src + (avctx->channels-channel) * 4;
> >> srcC += (big_endian ? bytestream_get_be32(&src)
> >> : bytestream_get_le32(&src));
> >> + if ((srcC > src_end - 4) || (srcC < src)) break;
> >
> > Unfortunately no, a C compiler is allowed to assume that pointer
> > operations will never overflow, thus removing the (srcC < src) check.
>
> Interesting. Do you have a source where I can read that up?
> And if the answer is ANSI C / ISO 9899, maybe a more specific hint?
Well, the way I put it is the reality as gcc handles it, the standard is
far more restrictive, quoting the C99 standardi, section 6.5.6.8:
> If both the pointer
> operand and the result point to elements of the same array object, or
> one past the last
> element of the array object, the evaluation shall not produce an
> overflow; otherwise, the
> behavior is undefined.
Emphasis on "undefined", which is about the worst case you can
encounter.
So even as soon as you just add a value that is larger than
the array size to a pointer anything may happen just going by this...
In case of gcc, "only" an important half of your security check goes
missing.
More information about the ffmpeg-devel
mailing list