"Ronald S. Bultje" <[email protected]> writes:

> Hi,
>
> 2012/2/29 Måns Rullgård <[email protected]>:
>> Vitor Sessak <[email protected]> writes:
>>
>>> On 02/29/2012 04:28 PM, Janne Grunau wrote:
>>>> On 2012-02-26 09:52:44 +0100, Vitor Sessak wrote:
>>>>> ---
>>>>> libavcodec/ra144dec.c | 2 ++
>>>>> libavcodec/ra288.c | 2 ++
>>>>> libavcodec/sipr.c | 2 ++
>>>>> libavcodec/twinvq.c | 2 ++
>>>>> 4 files changed, 8 insertions(+), 0 deletions(-)
>>>>
>>>> Why?
>>>>
>>>> Have you proved that each of the decoders can't overread?
>>>
>>> Of course I did. I concede I didn't do it with the AMRNB in my first
>>> patch. I was almost sure I saw the check when I reviewed it, but I was
>>> wrong.
>>
>> [...]
>>
>>>> I would say the decoders are not important enough and speed penalty
>>>> for audio doesn't matter enough to disable the safe bitstream reader.
>>>
>>> How hard is it to check a single constant value correctly? What is the
>>> use of the safe bitstream reader if the check is done right?
>>
>> There's much more to it than that. Almost anything using
>> variable-length codes will need more than a simple packet size check, or
>> a damaged/malicious bitstream may cause over-reads.
>
> This is the concern that I have also... We really want almost-academic
> sort of proof that the decoder can not possibly ever consume more than
> X bits of data from /dev/random per single decoding iteration before
> unsetting the safe bitstream reader flag.

Yes, that's the entire point of having the checked reader.

--
Måns Rullgård
[email protected]
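
The point made in the thread about variable-length codes, as an added example (not part of the original messages and not libav code): a minimal checked bit reader decoding unary codes, where two packets of identical size consume very different numbers of bits. The BitReader type, the function names and both packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal bit reader; names are assumptions, not libav's API. */
typedef struct {
    const uint8_t *buf;
    size_t size_bits, pos;  /* bits present in the packet / next bit to read */
    int overread;           /* set once a read past the end was attempted */
} BitReader;

/* Checked read: past the end it returns 0 and flags the error instead of
 * touching memory outside buf. */
static unsigned read_bit(BitReader *br)
{
    size_t p = br->pos;
    if (p >= br->size_bits) {
        br->overread = 1;
        return 0;
    }
    br->pos++;
    return (br->buf[p >> 3] >> (7 - (p & 7))) & 1;
}

/* Unary VLC: value = number of 1 bits before the terminating 0.
 * The code length is chosen by the bitstream, not by the decoder. */
static unsigned read_unary(BitReader *br)
{
    unsigned n = 0;
    while (read_bit(br))
        n++;
    return n;
}

/* Returns 0 on success, -1 if decoding wanted more bits than the packet has. */
static int decode_frame(const uint8_t *pkt, size_t size, unsigned *out, int count)
{
    BitReader br = { pkt, size * 8, 0, 0 };
    for (int i = 0; i < count; i++)
        out[i] = read_unary(&br);
    return br.overread ? -1 : 0;
}

/* Constructed packets: both would pass a fixed "size == 2 bytes" check. */
static const uint8_t good_pkt[2] = { 0xB0, 0x00 };  /* 10 110 0 ... */
static const uint8_t bad_pkt[2]  = { 0xFF, 0xFF };  /* no terminating 0 */

int main(void)
{
    unsigned out[3];
    printf("good=%d\n", decode_frame(good_pkt, 2, out, 3));
    printf("bad=%d\n", decode_frame(bad_pkt, 2, out, 3));
    return 0;
}
```

Without the bounds test in read_bit, the loop in read_unary on bad_pkt would keep reading whatever follows the buffer until it happened to find a 0 bit.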
