[FFmpeg-devel] [PATCH 4/5] wma lossless: pad coeff buffer with 0
Michael Niedermayer
michaelni at gmx.at
Mon Feb 10 21:43:53 CET 2014
On Mon, Feb 10, 2014 at 09:20:22PM +0100, Christophe Gisquet wrote:
> Hi,
>
> 2014-02-10 Michael Niedermayer <michaelni at gmx.at>:
> > %16
> > &15
> > &8
> > all are the same for unsigned values which are a multiply of 8
> >
> > if values could be something else then the code can write out of
> > array and is potentially exploitable
>
> Errm... Sorry, I wasn't clear here. The actual issue was an incorrect sizeof.
> And the commit message was wrong (batch of 8 whereas it is 16) and
> thus confusing on what was happening here.
>
> > I suggest to make the code a bit more defensive and not write out
> > of array in such cases, even though they are not possible with the
> > current code
>
> Well, this is the only location where the order is set as far as I
> see.
yes
> If you see something elsewhere that should be done, I'm missing
> it, so please be specific. Anyway, I don't see what I can do safer
> than setting the remaining of the buffer to 0, which is done in the
> attached patch.
this is safe but not the most efficint
I should have been more specific, what i suggest is for example to
make the buffer that is written into, 8 elements larger
then adding 8 element padding should always be safe independant of
what order or max order is
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Asymptotically faster algorithms should always be preferred if you have
asymptotical amounts of data
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140210/98a15f10/attachment.asc>
More information about the ffmpeg-devel
mailing list