[FFmpeg-cvslog] r26053 - in trunk: libavformat/asfdec.c tests/ref/fate/wmv8-drm

Reimar Döffinger Reimar.Doeffinger
Sat Dec 18 19:15:50 CET 2010


On Sat, Dec 18, 2010 at 12:36:48PM -0500, Ronald S. Bultje wrote:
> Hi,
> 
> On Sat, Dec 18, 2010 at 12:19 PM, Reimar D?ffinger
> <Reimar.Doeffinger at gmx.de> wrote:
> > This time unfortunately the issue is indeed that the VC-1 decoder reads outside
> > the packet size.
> > Below hack would fix it, but that is of course not ok.
> > My proposal would be to remove that fate test an only keep the one I added
> > (does not decode), unless someone comes up with a way to fix the VC-1 decoder...
> 
> I disagree, reading beyond packet boundary sounds like an exploitable
> bug.

Only "exploitable" as in DoS.

> Let's fix it, your "hack" sounds ok to me unless Kostya comes up
> with a real fix.

At the very least it should probably use some sign-shift tricks and
| instead of || to reduce the speed impact.
And it needs benchmarking (on a high-bitrate stream) anyway.



More information about the ffmpeg-cvslog mailing list