On Tue, May 21, 2019 at 11:15:03AM -0300, James Almer wrote: > > I have a feeling this loop should have a stop condition like v < > > SOME_LARGE_VALUE, say INT_MAX-255 or yuv_macroblock_count, to reject > > corrupt/malicious files and not cause undefined behavior > > Using get_bits_left(gb) would be better than an arbitrary large value.
It seems the original comment wasn't preserved, but get_bits_left is fairly pointless because the 0-padding will cause loop exit anyway. Also get_bits_left wouldn't address the point that a 2GB input frame of all-1s from the right position would here end up reading 2GB 9 bits at a time. Overflow by my calculations would only happen after > 500 GB, so not sure that's a worry. But depending on the contexts in which this function is used, there might be obvious limits for v, in which case an early exit would make sense (even when not, runs > 250 bytes can likely safely assumed broken). _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
