[vlc-devel] [PATCH] vlc_strftime: avoid infinite loop on windows when format string is invalid

Romain Vimont rom at rom1v.com
Thu Jan 25 18:35:55 CET 2018


On Thu, Jan 25, 2018 at 06:43:42PM +0200, Rémi Denis-Courmont wrote:
> We can intrinsically not handle UB and therefore we do not handle UB, at least 
> not post-facto. Where practical and useful, you can add post-facto assertions 
> to aid in debugging - nothing else.

I agree with you; in theory we can just ignore UB.

But here, the current vlc_strftime() implementation may transform an
error (with errno set) to an infinite loop, which is not very
debug-friendly.

To always avoid an infinite loop, one possibility could be to double the
buffer size on each iteration (instead of increasing linearly), and
limit to, say, 10 iterations, failing with an error otherwise.

> 
> > The issue can be seen on windows when changing the text of the marquee
> > filter.
> 
> There are plenty of ways to crash VLC within valid input parameters. We just 
> have to ensure that any such parameter is _not_ marked safe. Preventing UB is 
> impossible and therefore out of scope.
> 
> -- 
> 雷米‧德尼-库尔蒙
> https://www.remlab.net/
> 
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
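
The bounded retry suggested in the reply above (double the buffer on each iteration, fail after a fixed number of attempts), as an added example that is not part of the original message and is not VLC's code. The name `strftime_bounded` and its `start` and `max_tries` parameters are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Hypothetical helper, not VLC code. Formats *tm with fmt, starting from a
 * buffer of `start` bytes and doubling it after each failed attempt.
 * Gives up after max_tries attempts: returns NULL with errno = ERANGE. */
static char *strftime_bounded(const char *fmt, const struct tm *tm,
                              size_t start, unsigned max_tries)
{
    if (fmt[0] == '\0')
        return calloc(1, 1);   /* empty result: strftime() would return 0 */

    size_t buflen = start ? start : 1;
    for (unsigned i = 0; i < max_tries; i++) {
        char *str = malloc(buflen);
        if (str == NULL)
            return NULL;

        /* 0 means "did not fit", but also "empty result" or (the Windows
         * case in this thread) "invalid format string": the return value
         * cannot tell them apart, hence the cap on attempts. */
        size_t len = strftime(str, buflen, fmt, tm);
        if (len > 0) {
            char *ret = realloc(str, len + 1);   /* trim to fit */
            return ret ? ret : str;
        }
        free(str);

        if (buflen > (size_t)-1 / 2)
            break;             /* doubling would overflow size_t */
        buflen *= 2;
    }
    errno = ERANGE;
    return NULL;
}

int main(void)
{
    /* Constructed sample time: 2018-01-25 18:35:55 */
    struct tm t = { .tm_year = 118, .tm_mon = 0, .tm_mday = 25,
                    .tm_hour = 18, .tm_min = 35, .tm_sec = 55 };
    char *s = strftime_bounded("%Y-%m-%d %H:%M:%S", &t, 32, 10);
    puts(s ? s : "formatting failed");
    free(s);
    return 0;
}
```

With a 32-byte start and 10 attempts the last buffer tried is 16 KiB, so a format that can never succeed costs ten small allocations and then an error return.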
