[FFmpeg-soc] [soc]: r2578 - mlp/mlpdec.c

Ramiro Polla ramiro at lisha.ufsc.br
Sat Jun 28 15:59:51 CEST 2008 

Michael Niedermayer wrote:
> On Fri, Jun 27, 2008 at 10:33:54PM +0100, Ramiro Polla wrote:
>> Hi,
>>
>> Michael Niedermayer wrote:
>>> On Thu, Jun 26, 2008 at 07:26:20PM +0100, Ramiro Polla wrote:
>>>> Hello,
>>>>
>>>> ramiro wrote:
>>>>> Author: ramiro
>>>>> Date: Thu Jun 26 19:33:28 2008
>>>>> New Revision: 2578
>>>>>
>>>>> Log:
>>>>> More checks to see if there is enough data.
>>>>>
>>>>> Modified:
>>>>>    mlp/mlpdec.c
>>>>>
>>>>> Modified: mlp/mlpdec.c
>>>>> ==============================================================================
>>>>> --- mlp/mlpdec.c	(original)
>>>>> +++ mlp/mlpdec.c	Thu Jun 26 19:33:28 2008
>>>>> @@ -1009,6 +1009,9 @@ static int read_access_unit(AVCodecConte
>>>>>      for (substr = 0; substr < m->num_substreams; substr++) {
>>>>>          int extraword_present, checkdata_present, end;
>>>>>  +        if (bytes_left < 2)
>>>>> +            return -1;
>>>>> +
>>>>>          extraword_present = get_bits1(&gb);
>>>>>          skip_bits1(&gb);
>>>>>          checkdata_present = get_bits1(&gb);
>>>>> @@ -1022,6 +1025,8 @@ static int read_access_unit(AVCodecConte
>>>>>          bytes_left -= 2;
>>>>>           if (extraword_present) {
>>>>> +            if (bytes_left < 2)
>>>>> +                return -1;
>>>>>              skip_bits(&gb, 16);
>>>>>              parity_bits ^= *buf++;
>>>>>              parity_bits ^= *buf++;
>>>> This seems like a long and painful road... While we're still reading 
>>>> headers with easily calculated size, this isn't too hard, and there won't 
>>>> be much overhead in the checks. But on more complicated headers and 
>>>> specially the VLC values it's not easy to see if we still have enough 
>>>> data.
>>>>
>>>> Lots of other codecs I've looked at seem to just trust init_get_bits() 
>>>> with the remaining bytes.
>>>>
>>>> What's the best practice here? Should the header checksum && coded 
>>>> lengths be enough to validate the input size?
>>> All _writes_ must be checked, the reads are not critical.
>>> also dont forget FF_INPUT_BUFFER_PADDING_SIZE
>> Ok. So is it ok to apply these patches?
>> revert_1 just revert the last commit of extra checks.
>> revert_2 removes keeping track of bytes left. the value is never used later 
> 
> ok

Ok, I think the code is ready for another review now.

Ramiro Polla

More information about the FFmpeg-soc mailing list