[FFmpeg-devel] oggparsevorbis.c vorbis_comment: check for negative size

Rich Felker dalias
Sun Oct 7 17:33:20 CEST 2007


On Sun, Oct 07, 2007 at 02:38:10PM +0200, matthieu castet wrote:
> Attila Kinali wrote:
> > On Sun, 7 Oct 2007 12:42:13 +0200
> > Attila Kinali <attila at kinali.ch> wrote:
> > 
> > 
> >> The segfault occures, because s is read from the file but only
> >> checked to be smaller than the limit, but not whether it is
> >> positive, resulting in an overflow when it is a big negative number.
> >>
> >> Patch attached
> > 
> > Updated patch. Missed another occurence of the same problem.
> Why doesn't you make s unsigned ?

It won't solve the overflow issue. However checking to make sure s is
not negative is just a hack to work around the problem of not writing
overflow-safe unsigned arithmetic.

Rich




More information about the ffmpeg-devel mailing list