[gstreamer-bugs] [Bug 531236] New: [gstvalue] Deserialization not correct
GStreamer (bugzilla.gnome.org)
bugzilla-daemon at bugzilla.gnome.org
Sat May 3 08:43:55 PDT 2008
If you have any questions why you received this email, please see the text at
the end of this email. Replies to this email are NOT read, please see the text
at the end of this email. You can add comments to this bug at:
http://bugzilla.gnome.org/show_bug.cgi?id=531236
GStreamer | gstreamer (core) | Ver: HEAD CVS
Summary: [gstvalue] Deserialization not correct
Product: GStreamer
Version: HEAD CVS
Platform: Other
OS/Version: Linux
Status: UNCONFIRMED
Severity: major
Priority: Normal
Component: gstreamer (core)
AssignedTo: gstreamer-bugs at lists.sourceforge.net
ReportedBy: slomo at circular-chaos.org
QAContact: gstreamer-bugs at lists.sourceforge.net
GNOME version: Unspecified
GNOME milestone: Unspecified
Hi,
the deserialization in gstvalue.c is not correct in two places:
a) gst_value_deserialize_int_helper
There's *to = g_ascii_strtoull (s, &end, 0), which only works on unsigned
strings. Later on the return value of this is even checked if it's smaller than
zero ;)
IMHO this should be _strtoll() instead. Am I missing something?
Also there should probably be a check that checks if the deserialized value is
in the [min,max] range...
b) gst_value_deserialize_u*
Here the _unsigned_ result of g_ascii_strtoull() is stored in a gint64, thus
things like overflows can happen easily.
Checks if the value is between [min,max] should be added here too I guess...
Is my analysis correct? If so I'll prepare a patch later...
--
See http://bugzilla.gnome.org/page.cgi?id=email.html for more info about why you received
this email, why you can't respond via email, how to stop receiving
emails (or reduce the number you receive), and how to contact someone
if you are having problems with the system.
You can add comments to this bug at http://bugzilla.gnome.org/show_bug.cgi?id=531236.
More information about the Gstreamer-bugs
mailing list