[vlc-devel] [vlc-commits] xiph demux: _correctly_ remove warning
Laurent Aimar
fenrir at elivagar.org
Tue Feb 22 18:08:55 CET 2011
On Tue, Feb 22, 2011 at 06:57:42PM +0200, Rémi Denis-Courmont wrote:
> On Tuesday 22 February 2011 18:47:40 Jean-Baptiste Kempf, you wrote:
> > On Tue, Feb 22, 2011 at 05:45:30PM +0100, Laurent Aimar wrote :
> > > > > + if ((uint8_t)(end - current) < size)
> > > > >
> > > > > return VLC_EGENERIC;
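Review bot: the `(uint8_t)` cast in the added condition narrows `end - current` to the range 0..255 before it is compared with `size`, so once 256 or more bytes remain the left-hand side wraps, and any `size` above 255 always takes the `return VLC_EGENERIC;` path even when the data fits. Compare the full-width difference instead, for example by casting `end - current` to the type of `size` (or to `size_t`) if the cast is only there to silence the compiler warning.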
> > > >
> > > > (uint8_t) seems *highly* suspicious (read: there is probably a security
> > > > issue where there was none...)
> > >
> > > Sorry misread. No security issue but I think valid headers are now
> > > rejected... (size can be higher than 255)
> >
> > Well, to me, this is still wrong.
>
> To me, the whole function looks quite suspicious. An expression such as
> (current >= end) is undefined if (current) oversteps past the end of the
> underlying buffer.
'current' cannot go beyond 'end', the check is here to ensure that
'size' bytes are still accessible.
--
fenrir