[FFmpeg-devel] [PATCH] oggparsedaala: reject too large gpshift

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Dec 30 01:14:09 CET 2015


On 30.12.2015 01:04, Ganesh Ajjanagadde wrote:
> On Tue, Dec 29, 2015 at 4:00 PM, Andreas Cadhalpun
> <andreas.cadhalpun at googlemail.com> wrote:
>> On 29.12.2015 22:27, Rostislav Pehlivanov wrote:
>>> oggparsetheora has the same bit of code to read the gpshift, so it would
>>> probably be a good idea to add it to this patch as well.
>>
>> No, oggparsetheora only reads 5 bits for gpshift.
>> The only thing from this patch that also applies there is the (theoretical)
>> issue of 1<<31 not being defined for int32_t.
> 
> Can you clarify precisely what you mean by this? I am pretty sure
> ubsan and others do fail for 1<<31, and I know that it is undefined
> behavior. Are you saying that it is impossible to trigger a 1<<31, or
> only that it is highly improbable?

Yes, ubsan fails for 1<<31 and it is theoretically undefined behavior, but
it works in practice in contrast to e.g. 1<<40, which just doesn't fit.
That's what I meant. The 1<<31 case can be triggered in both.

Best regards,
Andreas
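
The distinction drawn in this thread, as an added example (not code from the patch or from FFmpeg): a shift count read from an untrusted header is range-checked, and the mask is built with an unsigned `1U` so that a shift of 31 stays defined. The function names and the granule-position layout (keyframe number in the high bits, offset in the low `gpshift` bits) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not FFmpeg code: derive the granule-position mask
 * from a gpshift value read out of an untrusted header. */
static int gp_mask_from_shift(unsigned gpshift, uint32_t *mask)
{
    /* A field wider than 5 bits can carry values >= 32; shifting a 32-bit
     * operand by that much is undefined, so reject it outright. */
    if (gpshift > 31)
        return -1;
    /* 1U keeps the shift in unsigned arithmetic: 1U << 31 is defined,
     * whereas 1 << 31 overflows a signed 32-bit int. */
    *mask = (1U << gpshift) - 1;
    return 0;
}

/* Split a granule position into keyframe number and offset and add them.
 * Assumed layout: high bits = keyframe number, low gpshift bits = offset.
 * Unsigned arithmetic throughout, so no signed overflow is possible. */
static int gp_to_frame(uint64_t gp, unsigned gpshift, uint64_t *frame)
{
    uint32_t mask;
    if (gp_mask_from_shift(gpshift, &mask) < 0)
        return -1;
    *frame = (gp >> gpshift) + (gp & mask);
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from a real stream. */
    unsigned shifts[] = { 6, 31, 32, 40 };
    for (size_t i = 0; i < sizeof(shifts) / sizeof(shifts[0]); i++) {
        uint32_t m;
        if (gp_mask_from_shift(shifts[i], &m) < 0)
            printf("gpshift=%u rejected\n", shifts[i]);
        else
            printf("gpshift=%u mask=0x%08x\n", shifts[i], (unsigned)m);
    }
    return 0;
}
```

Building the original signed form with `-fsanitize=undefined` is how the `1<<31` report mentioned above shows up during testing.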

