[vlc-devel] [vlc-commits] xiph demux: _correctly_ remove warning
Rémi Denis-Courmont
remi at remlab.net
Tue Feb 22 17:57:42 CET 2011
Le mardi 22 février 2011 18:47:40 Jean-Baptiste Kempf, vous avez écrit :
> On Tue, Feb 22, 2011 at 05:45:30PM +0100, Laurent Aimar wrote :
> > > > + if ((uint8_t)(end - current) < size)
> > > >
> > > > return VLC_EGENERIC;
> > >
> > > (uint8_t) seems *highly* suspicious (read: there is probably a
> > > security
> > >
> > > issue where there was none...)
> >
> > Sorry misread. No security issue but I think valid headers are now
> >
> > rejected... (size can be higher than 255)
>
> Well, to me, this is still wrong.
To me, the whole function looks quite suspicious. An expression such as
(current >= end) is undefined if (current) oversteps past the end of the
underlying buffer.
--
Rémi Denis-Courmont
http://www.remlab.info/
http://fi.linkedin.com/in/remidenis
More information about the vlc-devel
mailing list