[FFmpeg-devel] [PATCH] AC3 decoder stability

Justin Ruggles justinruggles
Mon Mar 24 00:54:14 CET 2008

Michael Niedermayer wrote:
> On Sat, Mar 22, 2008 at 08:44:23PM -0400, Justin Ruggles wrote:
>> Hi,
>> Here is the least invasive and fastest solution I could come up with for
>> fixing the problem with overreading the input buffer in the AC3 decoder.
> This sounds like you tried other things as well?
> Have you tried placeing a few checks for the remaining buffer size in the
> code? Keep in mind that you have at least 64bit available after the
> bitstream and that could be increased a little if that would help.
> Are such checks slower than the copy?
> If you have tried or try it iam interrested in the patch.

I have tried other things. Basically, you can't just do a few checks.
There are so many coded values that affect the overall frame size that
nearly every read has to be checked.  There are only a few places where
you can group them together.

Basically, doing the checks was about 5-7% slower than current SVN.  I
tested it by adding a couple functions.  One was get_bits_safe() which
checked the buffer size before reading a single value.  Another was
check_buffer_size(..., int add_bits) which was used to check buffer size
before reading multiple values.  I don't have a patch readily
available...I don't think I saved the changes since it was so much
slower and more complex.  It didn't take long though.  I can throw one
together and post results if you prefer.

> ... i simply like to understand all options we have before commenting on
> the copy solution ...

When it comes to adding checks, the only real option is whether to
pre-calculate mantissa bits or check when reading each mantissa group.
I do not remember which is faster, only that both were slower than the
copy solution since they went hand-in-hand with all the other checks.


More information about the ffmpeg-devel mailing list