[FFmpeg-devel] [PATCH 19/19] lavc: sanitize decoder return value.
Michael Niedermayer
michaelni at gmx.at
Sun Jul 29 17:54:27 CEST 2012
On Sun, Jul 29, 2012 at 03:57:37PM +0200, Nicolas George wrote:
> With this change, we can guarantee that the return value of
> avcodec_decode_<type>() is either an error code or between
> 0 and the packet size, and not 0 if no frame was decoded.
> It is therefore suitable for advancing in the packet data and
> looping.
>
> For builds with assert-level >= 2, an assert failure is raised,
> making it easier to detect the problems.
>
> Signed-off-by: Nicolas George <nicolas.george at normalesup.org>
> ---
> libavcodec/utils.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> index 53fda1f..1f82a33 100644
> --- a/libavcodec/utils.c
> +++ b/libavcodec/utils.c
> @@ -1498,6 +1498,16 @@ static void apply_param_change(AVCodecContext *avctx, AVPacket *avpkt)
> }
> }
>
> +/* Note: we are still vulnerable to decoders decoding a frame and
> + returning 0 for success instead of the used bytes. */
> +#define SANITIZE_DECODED_SIZE(ret, pkt, got_frame) { \
> + av_assert2((ret) <= (pkt).size); \
> + (ret) = FFMIN((ret), (pkt).size); \
> + av_assert2(!(pkt).size || (got_frame) || (ret)); \
> + if ((pkt).size && !(got_frame) && !(ret)) \
> + ret = AVERROR_BUG; \
> +}
I think the asserts alone should be enough
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120729/245c89fb/attachment.asc>
More information about the ffmpeg-devel
mailing list