[FFmpeg-devel] Security issues?
Michael Niedermayer
michaelni
Wed Sep 23 15:22:02 CEST 2009
On Wed, Sep 23, 2009 at 03:15:06PM +0200, Reimar D?ffinger wrote:
> On Wed, Sep 23, 2009 at 02:57:31PM +0200, Michael Niedermayer wrote:
> > > Index: libavcodec/vorbis_dec.c
> > > ===================================================================
> > > --- libavcodec/vorbis_dec.c (revision 19987)
> > > +++ libavcodec/vorbis_dec.c (working copy)
> > > @@ -162,6 +162,13 @@
> > > #define BARK(x) \
> > > (13.1f*atan(0.00074f*(x))+2.24f*atan(1.85e-8f*(x)*(x))+1e-4f*(x))
> > >
> > > +
> > > +#define VALIDATE_INDEX(ctx, idx, limit, onerror) \
> >
> > > + if (idx >= limit) {\
> >
> > the check should be an argument to the macro
> >
> >
> > > + av_log(ctx, AV_LOG_ERROR, "Index value %d out of range (0 - %d) for "#idx "\n", idx, limit);\
>
> Uh, and what should be the message then? If you change the check, this
> message no longer makes sense,
the message could be an argument too
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090923/f4b3a7c2/attachment.pgp>
More information about the ffmpeg-devel
mailing list