On Tue, Jul 13, 2004 at 08:35:17AM -0400, Andrew Kohlsmith wrote: > On Tuesday 13 July 2004 08:22, [EMAIL PROTECTED] wrote: > > Ack, I don't like the iLBC code for the quick 3 minutes or so I looked at > > it, but it wouldn't surprise me if it was overwriting more than it should > > be on the stack. > > Why wouldn't it surprise you? I have a PRI and have 10 or 12 iLBC codecs > running during peak times. I don't understand how you can get from "I don't > like the sound of iLBC" to "iLBC must be written poorly". >
You missed my point. I'm talking about how it does data handling with various loops and memcpys etc. I don't care about the sound quality, nor do I care about how well written it is, I'm just making the observation based on my previous experience based on previous auditing of software. There are a lot of variables in use with various #define'd values, (can you be sure that there is no off-by-one's, compiler eccentricities, etc?). ( it's abit like how asterisk doesn't srand() correctly, which can allow an attacker to predict what challenges someone is going to see and compute them in advance via MIT or that IAX2 should drop the idea of plaintext passwords due to forced downgrades.). That said, what processor series couldn't divide properly? if it was the cryix range / version part, it could be a problem. Thanks, Andrew Griffiths _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
