[vorbis-dev] Will Vorbis happily decode packets with random data?

volsung at asu.edu
Wed Aug 8 09:39:49 PDT 2001



On Wed, 8 Aug 2001, Martin C. Martin wrote:

> I'm assuming the decoder doesn't have any bugs that can be exploited in
> this way.  I'm writing a Vorbis downloader for Unreal Tournament, and
> the danger is that some of the other functionality in UT can be used to
> extract, then run, a portion of a downloaded file.  It's a remote
> possibility, but I'd make a lot of people happy if I could say "there's
> no executable code in this file longer than 16 bytes."

If you are assuming that the decoder has no buffer overflow bugs, then you
don't need to scan at all.  As Jack has already pointed out, stuffing
executable code into a Vorbis file will result in either rejected packets
(because they are the wrong format) or a burst of totally garbage sound (very,
very, very unlikely).

So you should be safe.  (Though if you're really worried about client safety,
you *should* audit the code for buffer overflow bugs.)


---
Stan Seibert
