[vorbis-dev] Will Vorbis happily decode packets with random data?
Michael Smith
msmith at labyrinth.net.au
Fri Aug 10 19:00:31 PDT 2001
At 01:49 PM 8/11/01 +1200, you wrote:
>On Wed, Aug 08, 2001 at 02:47:34PM -0400, Monty wrote:
>> Static buffers have been a known risk for 20 years and only lazy,
>> piss-poor programmers (the majority, I grant you) would write code
>> today that could be overrun. If you can find a buffer overrun in
>> Vorbis, a case of whatever brew you prefer is on me.
>
>Tools included? the buffer for oggenc's filename builder looks a lot like
>it wouldn't handle a filename longer than 4kB.
No. The tools assume that the user gives them sane input, mostly. Actually,
looking at that code I think I just forgot to finish something off. I guess
I should fix that. It _looks_ like I intended to do it right.
I didn't really go to much effort to ensure that oggenc wouldn't crash due
to stupid input - other than in the file loaders (wav, etc.) - if those
buffer overflow, then it's a definate major bug.
Anyway, I suppose I'll take a look at other things and fix them.
Michael
--- >8 ----
List archives: http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Vorbis-dev
mailing list