[Ffmpeg-devel] Re: [PATCH] MXF demuxer
Baptiste Coudurier
baptiste.coudurier
Tue Jul 18 01:02:59 CEST 2006
Uoti Urpala wrote:
> On Tue, 2006-07-18 at 00:39 +0200, Baptiste Coudurier wrote:
>>>> + if (type) { /* long form */
>>>> + int bytes_num = length & 0x7f;
>>>> + /* SMPTE 379M 5.3.4 guarantee that bytes_num must not exceed 8 bytes */
>>>> + assert(bytes_num <= 8);
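Review bot: assert(bytes_num <= 8) is the only guard on a value taken from the stream, and length & 0x7f can be as large as 127, so a malformed file can reach it. An assert aborts the whole process, and in a build with NDEBUG defined it is compiled out, leaving bytes_num unbounded. Replace it with an explicit `if (bytes_num > 8)` check that reports invalid input and returns an error to the caller. The comment should also read "guarantees".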
>>> using assert() to check stuff from a stream for validity is unacceptable
>>> it's like printf() aborting your application due to a spelling error
>> I assume bytes_num is <= 8. Then it will overflow size. It's a
>> "security" issue. I'll use av_assert.
>
> If the file contains values not allowed by the spec you should diagnose
> that as invalid input and return an error. It's not reasonable to assume
> that the user would demux "trusted" files only, and so killing the
> program because of invalid input is not appropriate.
If I follow your principle, asserts are just useless. I shall always
check values and return -1 in every situation, now I can grep for assert
in ffmpeg source code and see some asserts are just ensuring that value
is right assuming the latter treatment will not fail.
I agree with you in principle of course. I'm just lost in what is a good
"assert" and I'm afraid that will start another flame or troll.
--
Baptiste COUDURIER GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A. http://www.smartjog.com
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312
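
As an added example (not code from the patch or from FFmpeg), here is one way to decode the BER length discussed in this thread so that a byte count above 8 is reported as invalid input rather than asserted on. The function name, error codes and sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes for this example. */
enum { KLV_OK = 0, KLV_ERR_INVALID = -1, KLV_ERR_TRUNC = -2 };
/* Decode a BER length from buf[0..len). On success store the value in *out
 * and the bytes consumed in *used. Never aborts on bad input. */
static int klv_decode_ber_length(const uint8_t *buf, size_t len,
                                 uint64_t *out, size_t *used)
{
    if (len < 1)
        return KLV_ERR_TRUNC;
    if (!(buf[0] & 0x80)) {            /* short form: the byte is the length */
        *out = buf[0];
        *used = 1;
        return KLV_OK;
    }
    size_t bytes_num = buf[0] & 0x7f;  /* long form: count of length bytes */
    if (bytes_num > 8)                 /* more than 8 would overflow a 64-bit size */
        return KLV_ERR_INVALID;
    if (len - 1 < bytes_num)           /* buffer ends inside the length field */
        return KLV_ERR_TRUNC;
    uint64_t size = 0;                 /* a count of 0 yields size 0 here (assumption) */
    for (size_t i = 0; i < bytes_num; i++)
        size = (size << 8) | buf[1 + i];
    *out = size;
    *used = 1 + bytes_num;
    return KLV_OK;
}

/* Constructed sample inputs, not taken from a real MXF file. */
static const uint8_t sample_short[] = { 0x25 };
static const uint8_t sample_long[]  = { 0x83, 0x01, 0x02, 0x03 };
static const uint8_t sample_bad[]   = { 0x89, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t sample_trunc[] = { 0x84, 0x00, 0x01 };

int main(void)
{
    const uint8_t *in[] = { sample_short, sample_long, sample_bad, sample_trunc };
    const size_t len[] = { sizeof sample_short, sizeof sample_long,
                           sizeof sample_bad, sizeof sample_trunc };
    for (int i = 0; i < 4; i++) {
        uint64_t v = 0; size_t n = 0;
        int rc = klv_decode_ber_length(in[i], len[i], &v, &n);
        printf("sample %d: rc=%d size=%llu used=%zu\n", i, rc, (unsigned long long)v, n);
    }
    return 0;
}
```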