[FFmpeg-devel] [PATCH] lavu/avstring: check for overlong encodings
Nicolas George
george at nsup.org
Sat Aug 30 15:30:02 CEST 2014
Le tridi 13 fructidor, an CCXXII, Stefano Sabatini a écrit :
> Unless there is an error in the code, a tail length of 6 bytes should
> never be reached.
>
> > Furthermore, the function is capable of decoding the full UTF-8 range, up to
> > (1<<31)-1, and that takes 6 octets.
>
> There is a separate check in the function:
Sorry, I missed the fact that tail_len does not count the initial octet. The
assert should be ok then.
> I believe overlong encodings are illegal, and thus should be never
> accepted.
As you wish, a flag can be added later anyway if the default is to reject.
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140830/dbf4e610/attachment.asc>
More information about the ffmpeg-devel
mailing list