On 19/04/15 13:03, Vittorio Giovara wrote:
> On Sat, Apr 18, 2015 at 8:51 PM, Luca Barbato <[email protected]> wrote:
>>
>> Is the input sufficiently validated? (e.g. can I get out of out by
>> feeding appropriate offset and out[pos]?)
>
> I suppose so (offset is width * step, step is validated before) and
> pos should never get past data[0] bounds for valid input because of
> the size check before.
> Should I add some additional validation?

I think we have a pattern for doing those checks in rle code, it is
anyway unrelated for the set, it is mostly a reminder since the code
doesn't do to begin with.

I think we use mainly something like

    in_size
    out_size

    while (loop) {
        if (rle) {
            if (count > out_size)
                error_out
            ...
            in_size--;
            out_size -= count;
        } else {
            if (copy_size > in_size ||
                copy_size > out_size)
                error_out
            ...
            in_size  -= copy_size;
            out_size -= copy_size;
        }
    }

> I noticed I haven't validated width and height with ff_set_dimension, would
> that help?

Might be nice to do.

lu
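
Added example, not part of the original message or of the libav code base: the in_size/out_size pattern sketched above, written out in C for a hypothetical RLE packet format. The format, the name rle_decode and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical format: control byte c, bit 7 set   -> repeat next byte (c & 0x7f) + 1 times
 *                      control byte c, bit 7 clear -> copy the next c + 1 bytes literally
 * Returns the number of bytes written, or -1 on malformed input. */
static long rle_decode(const uint8_t *in, size_t in_size,
                       uint8_t *out, size_t out_size)
{
    const uint8_t *out_start = out;

    while (in_size > 0) {
        size_t count = (size_t)(*in & 0x7f) + 1;
        int is_run   = *in & 0x80;
        in++;
        in_size--;
        if (is_run) {
            /* a run reads one input byte and writes count output bytes */
            if (in_size < 1 || count > out_size)
                return -1;
            memset(out, *in, count);
            in++;
            in_size--;
        } else {
            /* a literal copy is bounded by both remaining sizes */
            if (count > in_size || count > out_size)
                return -1;
            memcpy(out, in, count);
            in      += count;
            in_size -= count;
        }
        out      += count;
        out_size -= count;
    }
    return (long)(out - out_start);
}

int main(void)
{
    /* constructed sample: run of three 'A', then the literal "bc" */
    const uint8_t sample[] = { 0x82, 'A', 0x01, 'b', 'c' };
    uint8_t out[8];
    printf("%ld\n", rle_decode(sample, sizeof(sample), out, sizeof(out)));
    return 0;
}
```

Both sizes are unsigned and only ever decremented after the comparison, so neither counter can wrap and every memset/memcpy length is known to fit before it runs.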