[vlc-devel] Re: vlc: svn commit r20440 (courmisch)
Rémi Denis-Courmont
rem at videolan.org
Thu Jun 7 22:22:39 CEST 2007
Le jeudi 7 juin 2007, Laurent Aimar a écrit :
> On Thu, Jun 07, 2007, Rémi Denis-Courmont wrote:
> > Le jeudi 7 juin 2007, Laurent Aimar a écrit :
> > > On Thu, Jun 07, 2007, Subversion daemon wrote:
> > > > r20440 | courmisch | 2007-06-07 18:43:10 +0200 (Thu, 07 Jun
> > > > 2007) | 2 lines Changed paths:
> > > > M /trunk/include/vlc_es.h
> > > >
> > > > Store channels counter to a single byte. We can only handle 32
> > > > of them anyway
> > >
> > > Why using uint8_t instead of a perfectly fine int/uint ? (as
> > > anyway that does not limit it to 32...)
> >
> > Because it limits the margin for nasty integer overflow in
> > multiplications.
>
> Unless the field was not initialized or was greater then 32 by error
> (and in this case the bug should be fixed and not workarounded), it
> won't change anything.
I am not willing to bet on the absence of integer overflows in VLC audio
code. Bugs must me fixed rather than worked-around for sure, but that
in no ways excludes limitting the impact of bugs (or do you run all
your daemons as root because security bugs should be fixed?).
--
Rémi Denis-Courmont
http://www.remlab.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20070607/c1e18273/attachment.sig>
More information about the vlc-devel
mailing list