[FFmpeg-devel] [RFC] Negative Bitrate Assertion Error

Michael Niedermayer michaelni
Mon Dec 20 10:52:27 CET 2010


On Sun, Dec 19, 2010 at 09:53:49PM +0100, Reimar D?ffinger wrote:
> On Sun, Dec 19, 2010 at 12:24:50PM -0800, David Czech wrote:
> > Index: libavformat/utils.c
> > ===================================================================
> > --- libavformat/utils.c	(revision 26014)
> > +++ libavformat/utils.c	(working copy)
> > @@ -1870,10 +1870,11 @@
> >      AVStream *st;
> >  
> >      /* if bit_rate is already set, we believe it */
> > -    if (ic->bit_rate == 0) {
> > +    if (ic->bit_rate <= 0) {
> 
> From a security-perspective I think this is questionable, we should
> not assign invalid values in the first place, who knows what kind of
> code might be between the assignment and this "fixup" code where
> negative values might cause issues.

you have a point, still i think the core should not fail with asserts if one
demuxer with one file does set it negative, also security auditing all demuxers
bitrate handling is probably too much for a code in task


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Awnsering whenever a program halts or runs forever is
On a turing machine, in general impossible (turings halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20101220/ed84fc47/attachment.pgp>



More information about the ffmpeg-devel mailing list