[FFmpeg-devel] get_bits overrun checking from Google Chrome patches

Robert Swain robert.swain
Tue Sep 8 18:50:48 CEST 2009


2009/9/8 Alex Converse <alex.converse at gmail.com>:
> On Tue, Sep 8, 2009 at 4:21 AM, Reimar
> Döffinger<Reimar.Doeffinger at gmx.de> wrote:
>> On Tue, Sep 08, 2009 at 01:29:27AM +0100, Robert Swain wrote:
>>> I'm actually a little surprised we didn't spot and remedy this
>>> earlier. Any suggestions for any cleaner solutions than Google's
>>> proposition?
>>
>> Yes, fix the codecs to explicitly check for buffer end at the appropriate
>> (codec-specific!) points, taking advantage of the fact that buffers are
>> 0-padded.
>
> It's fairly simple to include a get_bits_count inside the loop. I just
> don't know how much we need to pad, the maximum size of a rogue syntax
> element.

But can the maximum size of a rogue syntax element be larger than zero
padding at the end of the packet buffer? If so then I guess we need
some finer granularity of checking within the loop/parser functions.

Regards,
Rob
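Added example, not code from this thread or from FFmpeg: a small hypothetical MSB-first bit reader (`br_get_bit`, `br_count`, names assumed, not FFmpeg's `get_bits` API) that models the zero-padded packet buffer discussed above and records an overrun instead of dereferencing memory past the padding. It parses a constructed Exp-Golomb-shaped element (k zeros, a one, k value bits) two ways: a lazy reader that relies on the padding and checks `br_count` once after the loop, and a strict reader that checks inside each element. `PAD_BYTES`, the packet bytes and the element format are all constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical bit reader, not FFmpeg's get_bits API. Reads MSB-first.
 * Bits inside the zero padding read as 0 (the padding trick); bits beyond
 * the padding would be foreign memory in a real reader, which this model
 * records as an overrun instead of dereferencing. */
#define PAD_BYTES 4               /* assumed padding appended to each packet */
#define MAX_ELEM_BITS 63          /* 31 prefix zeros + 1 + 31 value bits */

typedef struct {
    uint8_t buf[64];              /* packet bytes followed by PAD_BYTES zeros */
    size_t payload_bits;          /* bits of real packet data */
    size_t padded_bits;           /* payload + padding */
    size_t pos;                   /* read position; may run past padded_bits */
    int overrun;                  /* set once a read left the padded buffer */
} BitReader;

static int br_init(BitReader *br, const uint8_t *pkt, size_t len) {
    if (len + PAD_BYTES > sizeof br->buf) return -1;
    memset(br, 0, sizeof *br);            /* buffer is zeroed: that is the padding */
    memcpy(br->buf, pkt, len);
    br->payload_bits = len * 8;
    br->padded_bits  = (len + PAD_BYTES) * 8;
    return 0;
}

static unsigned br_get_bit(BitReader *br) {
    unsigned bit = 0;
    if (br->pos < br->padded_bits)
        bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    else
        br->overrun = 1;                  /* a real reader would read past the buffer here */
    br->pos++;
    return bit;
}

static unsigned br_get_bits(BitReader *br, unsigned n) {
    unsigned v = 0;
    while (n--) v = (v << 1) | br_get_bit(br);
    return v;
}

static size_t br_count(const BitReader *br) { return br->pos; }

/* Constructed syntax element: k zero bits, a one bit, then k value bits
 * (Exp-Golomb shaped). The stream controls k, and hence the element size. */

/* Lazy reader: trusts the padding and checks nothing per element. */
static int read_elem_lazy(BitReader *br, unsigned *out) {
    unsigned k = 0;
    while (br_get_bit(br) == 0)
        if (++k > 31) return -1;          /* format limit, not a buffer check */
    *out = br_get_bits(br, k);
    return 0;
}

/* Strict reader: never lets the position leave the payload, neither in the
 * unary prefix nor in the value bits. */
static int read_elem_strict(BitReader *br, unsigned *out) {
    unsigned k = 0;
    for (;;) {
        if (k > 31 || br_count(br) >= br->payload_bits) return -1;
        if (br_get_bit(br) == 1) break;
        k++;
    }
    if (br_count(br) + k > br->payload_bits) return -1;
    *out = br_get_bits(br, k);
    return 0;
}

/* Parse n elements of a packet. strict=0 checks the bit count only once
 * after the loop; strict=1 checks inside each element. Returns 0 on success,
 * -1 on a malformed packet; *overrun reports whether the reader ever left
 * the padded buffer. */
static int parse_packet(const uint8_t *pkt, size_t len, unsigned n,
                        int strict, unsigned *vals, int *overrun) {
    BitReader br;
    int ret = 0;
    if (br_init(&br, pkt, len) < 0) return -1;
    for (unsigned i = 0; i < n && ret == 0; i++)
        ret = strict ? read_elem_strict(&br, &vals[i])
                     : read_elem_lazy(&br, &vals[i]);
    if (ret == 0 && br_count(&br) > br.payload_bits) ret = -1;
    *overrun = br.overrun;
    return ret;
}

/* Constructed packets: one well formed (elements 0 and 1), one whose last
 * element announces 31 value bits exactly at the end of the payload. */
static const uint8_t GOOD_PKT[]  = { 0xB0 };
static const uint8_t ROGUE_PKT[] = { 0x00, 0x00, 0x00, 0x01 };
```

With these constructed numbers the largest legal element (63 bits) is bigger than the padding (32 bits), so on `ROGUE_PKT` with a declared count of two the lazy parser sets `overrun` before its end-of-loop check ever runs, while the strict parser rejects the packet after the first element without leaving the payload. Zero padding only makes an overrun harmless when every element that can start inside the payload is guaranteed to end inside the padding; otherwise the check has to sit inside the element reader.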