[FFmpeg-devel] [PATCH] Vorbisdec check the result of a potentially very large malloc.

Alex Converse alex.converse
Tue Aug 3 02:30:20 CEST 2010


2010/8/2 M?ns Rullg?rd <mans at mansr.com>:
> Alex Converse <alex.converse at gmail.com> writes:
>
>> 2010/8/2 M?ns Rullg?rd <mans at mansr.com>:
>>> Alex Converse <alex.converse at gmail.com> writes:
>>>
>>>> res_setup->ptns_to_read ranges [0, 2^24)
>>>> vc->audio_channels ranges [1, 255]
>>>>
>>>> Do any platforms we support have sizeof(uint_fast8_t) > 1
>>>
>>> The _fast types are usually at least 32 bits.
>>>
>>>> and size_t <= 4?
>>>
>>> That would be most 32-bit systems.
>>>
>>>> If so we also need to look for an integer overflow.
>>>
>>> Guess we do.
>>>
>>
>> Or use "regular" uint8_t... which should be especially useful if the
>> array is going to be large.
>
> Yes, the _fast types are mostly useful for local variables.
>

I've gone ahead and applied both. They seem somewhat security relevant
and are very straightforward. Hopefully the maintainer doesn't mind.



More information about the ffmpeg-devel mailing list