[FFmpeg-devel] [PATCH] Checked get_bits.h functions to prevent overread

Michael Niedermayer michaelni at gmx.at
Fri Sep 9 14:54:34 CEST 2011


On Fri, Sep 09, 2011 at 11:53:26AM +0200, Reimar Döffinger wrote:
> On Fri, Sep 09, 2011 at 09:46:34AM +0000, Carl Eugen Hoyos wrote:
> > Laurent Aimar <fenrir <at> elivagar.org> writes:
> > 
> > > > > I have a list of crashes with their backtraces. A lot of the files used
> > > > > come from the VLC and mplayer FTP and so will probably be easy to retrieve.
> > > > 
> > > > > Is sending it to the ML the right choice?
> > > > 
> > > > What's wrong with opening a ticket as explained on
> > > > http://ffmpeg.org/bugreports.html?
> > > 
> > >  It depends. I can create a unique ticket for the backtrace I have
> > 
> > That would be great! (or do you mean you could but it is too much effort?)
> > 
> > > but I
> > > won't do it for each crash I found (it was from an automated fuzzing tool
> > > and I have more than 400 crashes, of course some come from the same bug).
> > 
> > I am just trying to say that if a developer believes your patch is not 
> > acceptable he has not much chance currently to fix the crashes individually.
> > 
> > You should make the 400 files available in some way, the best way is probably 
> > the bug tracker.
> 
> One sample per codec at the very least would be highly advisable.
> Just hacking the bitstream reader is unlikely to give really good
> results, even in the cases where it does not only replace the crash by
> an endless loop.

when index is a signed variable and you use a check like
if(index > max)
    return 0;

it should still crash when the variable overflows, thus preventing an
infinite loop


> And past experience would indicate there are decoders that are trivial
> to fix but nobody was aware they existed...

absolutely, we should try to fix decoders not to need a checking
bitstream reader (if there are volunteers to do that, and I think there
are to some extent)

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No snowflake in an avalanche ever feels responsible. -- Voltaire
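The thread above argues about two failure modes of a bit reader that simply returns 0 past the end of the buffer: the overread itself, and the endless loop a decoder can fall into when a scan loop never sees the bit it waits for. The following is an added example, written for this page and not FFmpeg's get_bits.h, of a hypothetical checked reader (`CheckedBits`, `cb_get_bits`) that keeps the index unsigned, clamps it at the end of the buffer and records an `overread` flag, next to a toy scan loop in both its naive form and a form that checks the flag. The sample bit strings are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical checked bit reader for this example (not FFmpeg's get_bits.h).
 * Reads are MSB-first, one bit at a time, which keeps the bounds logic obvious. */
typedef struct {
    const uint8_t *buf;
    size_t size_bits;   /* total bits available */
    size_t index;       /* unsigned: cannot wrap negative like a signed int */
    int overread;       /* set once any read would cross size_bits */
} CheckedBits;

static void cb_init(CheckedBits *gb, const uint8_t *buf, size_t size_bytes)
{
    gb->buf = buf;
    gb->size_bits = size_bytes * 8;
    gb->index = 0;
    gb->overread = 0;
}

/* Returns n bits (1..25). On overread returns 0, sets gb->overread and clamps
 * index at size_bits, so the position can neither run past the buffer nor
 * keep growing until it overflows. */
static uint32_t cb_get_bits(CheckedBits *gb, int n)
{
    uint32_t v = 0;
    if (n <= 0 || n > 25)
        return 0;
    if (gb->index + (size_t)n > gb->size_bits) {
        gb->overread = 1;
        gb->index = gb->size_bits;
        return 0;
    }
    for (int i = 0; i < n; i++) {
        size_t pos = gb->index + (size_t)i;
        v = (v << 1) | ((gb->buf[pos >> 3] >> (7 - (pos & 7))) & 1u);
    }
    gb->index += (size_t)n;
    return v;
}

/* Toy decoder loop of the kind the thread worries about: skip zero bits until
 * a 1 appears. Because the reader silently returns 0 past the end, a truncated
 * stream makes this loop spin forever; max_iters caps it for the demonstration
 * and -1 means "would have looped forever". */
static long naive_scan(const uint8_t *buf, size_t len, long max_iters)
{
    CheckedBits gb;
    long iters = 0;
    cb_init(&gb, buf, len);
    while (cb_get_bits(&gb, 1) == 0) {
        if (++iters >= max_iters)
            return -1;
    }
    return iters;
}

/* Same loop, terminating on the overread flag. Returns the number of zero bits
 * skipped before the first 1, or -1 if the data ran out first. */
static long checked_scan(const uint8_t *buf, size_t len)
{
    CheckedBits gb;
    long zeros = 0;
    cb_init(&gb, buf, len);
    for (;;) {
        uint32_t b = cb_get_bits(&gb, 1);
        if (gb.overread)
            return -1;
        if (b)
            return zeros;
        zeros++;
    }
}

/* Returns 1 if an in-bounds read succeeds and the very next bit past the end
 * yields 0 with the flag set and the index clamped at 8. */
static int demo_overread_flag(void)
{
    static const uint8_t one_byte[] = { 0xAB };  /* constructed: 10101011 */
    CheckedBits gb;
    cb_init(&gb, one_byte, sizeof one_byte);
    uint32_t first = cb_get_bits(&gb, 8);  /* in bounds: 0xAB */
    uint32_t past  = cb_get_bits(&gb, 1);  /* out of bounds: 0, flag set */
    return first == 0xAB && past == 0 && gb.overread == 1 && gb.index == 8;
}

/* Constructed sample streams: five zero bits then a 1, and all zeros. */
static const uint8_t kShortStream[] = { 0x05 };
static const uint8_t kZeroStream[]  = { 0x00, 0x00 };

int main(void)
{
    printf("short: naive=%ld checked=%ld\n",
           naive_scan(kShortStream, sizeof kShortStream, 1000),
           checked_scan(kShortStream, sizeof kShortStream));
    printf("zeros: naive=%ld checked=%ld flag_ok=%d\n",
           naive_scan(kZeroStream, sizeof kZeroStream, 1000),
           checked_scan(kZeroStream, sizeof kZeroStream),
           demo_overread_flag());
    return 0;
}
```

The point of the flag is that the decoder, not the reader, decides what to do when the data runs out: the reader never indexes past the buffer, and a loop that checks `overread` stops on a truncated stream instead of consuming zeros forever.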