[FFmpeg-devel] Security issues?
Reimar Döffinger
Reimar.Doeffinger
Wed Sep 23 15:15:06 CEST 2009
On Wed, Sep 23, 2009 at 02:57:31PM +0200, Michael Niedermayer wrote:
> > Index: libavcodec/vorbis_dec.c
> > ===================================================================
> > --- libavcodec/vorbis_dec.c (revision 19987)
> > +++ libavcodec/vorbis_dec.c (working copy)
> > @@ -162,6 +162,13 @@
> > #define BARK(x) \
> > (13.1f*atan(0.00074f*(x))+2.24f*atan(1.85e-8f*(x)*(x))+1e-4f*(x))
> >
> > +
> > +#define VALIDATE_INDEX(ctx, idx, limit, onerror) \
>
> > + if (idx >= limit) {\
>
> the check should be an argument to the macro
>
>
> > + av_log(ctx, AV_LOG_ERROR, "Index value %d out of range (0 - %d) for "#idx "\n", idx, limit);\
Uh, and what should be the message then? If you change the check, this
message no longer makes sense, I am actually even considering the
onerror possibly too flexible.
I think it might actually be nicer to structure it along the lines of
FF_ALLOC_OR_GOTO...
More information about the ffmpeg-devel
mailing list