[vlc-devel] [vlc-commits] xiph demux: _correctly_ remove warning

Laurent Aimar fenrir at elivagar.org
Tue Feb 22 18:08:55 CET 2011


On Tue, Feb 22, 2011 at 06:57:42PM +0200, Rémi Denis-Courmont wrote:
> On Tuesday 22 February 2011 18:47:40 Jean-Baptiste Kempf, you wrote:
> > On Tue, Feb 22, 2011 at 05:45:30PM +0100, Laurent Aimar wrote :
> > > > > +    if ((uint8_t)(end - current) < size)
> > > > > 
> > > > >          return VLC_EGENERIC;
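
Review bot: the (uint8_t) cast on `end - current` in the added condition keeps only the low 8 bits of the pointer difference, so once 256 or more bytes remain the value wraps before it is compared with `size`. Compare at the full width of the difference instead, for example `(size_t)(end - current) < size`, rather than narrowing the difference.
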
> > > >  
> > > >  (uint8_t) seems *highly* suspicious (read: there is probably a
> > > >  security issue where there was none...)
> > >  
> > >  Sorry misread. No security issue but I think valid headers are now
> > >  rejected... (size can be higher than 255)
> > 
> > Well, to me, this is still wrong.
> 
> To me, the whole function looks quite suspicious. An expression such as 
> (current >= end) is undefined if (current) oversteps past the end of the 
> underlying buffer.
'current' cannot go beyond 'end', the check is here to ensure that
'size' bytes are still accessible.

-- 
fenrir