[FFmpeg-devel] oggparsevorbis.c vorbis_comment: check for negative size
Wed Oct 10 12:38:30 CEST 2007
On Mon, Oct 08, 2007 at 04:10:45AM +0200, Michael Niedermayer wrote:
> On Sun, Oct 07, 2007 at 11:33:20AM -0400, Rich Felker wrote:
> > On Sun, Oct 07, 2007 at 02:38:10PM +0200, matthieu castet wrote:
> > > Attila Kinali wrote:
> > > > On Sun, 7 Oct 2007 12:42:13 +0200
> > > > Attila Kinali <attila at kinali.ch> wrote:
> > > >
> > > >
> > > >> The segfault occures, because s is read from the file but only
> > > >> checked to be smaller than the limit, but not whether it is
> > > >> positive, resulting in an overflow when it is a big negative number.
> > > >>
> > > >> Patch attached
> > > >
> > > > Updated patch. Missed another occurence of the same problem.
> > > Why doesn't you make s unsigned ?
> > It won't solve the overflow issue. However checking to make sure s is
> > not negative is just a hack to work around the problem of not writing
> > overflow-safe unsigned arithmetic.
> yes i agree
> _maybe_ the following would fix it (ive not checked too carefull)
i will apply this in 2 days if there are no objections
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
More information about the ffmpeg-devel