[Ffmpeg-devel] Bugs in Vorbis decoder

Balatoni Denes dbalatoni
Sun Sep 24 18:13:49 CEST 2006


Hi!

On Saturday 23 September 2006 at 16.44, Oded Shimon formulated these wise 
thoughts:
> 2 bugs found in ffvorbis while working on my encoder. First one is simple,
> off-by-one, 0 is a valid codebook number, -1 isn't. Patch attached, I'll
> commit tomorrow if no one objects...

Seems that you are right, I don't know how it got in.

> Second one is tougher - buffer overflow in vorbis.c:1304, an assumption
> that the size of the block is 'rangebits' in the floor, when rangebits is
> allowed by spec to be larger. The fix is to have the floor_decode function
> know the actual size of the buffer, and not go over it.

You are right again. A fix for this would be appreciated :) So you would pass 
in the blocksize (which depends on whether it's a short or a long block) as 
an additional argument to floor1_decode, right?

> - ods15

thanks,
bye
Denes
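
The fix discussed above, as an added illustration that is not part of the original mail and is not FFmpeg's code: a simplified floor curve renderer that takes the real buffer length `n` and clips every write to it, even when the floor's X coordinates (bounded by 2^rangebits) run past `n`. The names `render_line_bounded` and `floor_render` are hypothetical, and the point lists are assumed to be already sorted with the first X equal to 0.

```c
#include <stdlib.h>

/* Render one segment from (x0,y0) to (x1,y1), x1 exclusive, into out[].
 * n is the real element count of out[]; nothing at index >= n is written. */
static void render_line_bounded(int x0, int y0, int x1, int y1, int *out, int n)
{
    int dy = y1 - y0, adx = x1 - x0;
    int base, sy, ady, err = 0, x, y = y0;

    if (adx <= 0 || x0 < 0 || x0 >= n)
        return;
    base = dy / adx;
    sy = dy < 0 ? base - 1 : base + 1;
    ady = abs(dy) - abs(base) * adx;
    if (x1 > n)
        x1 = n;              /* clip the end; adx keeps the true slope */
    out[x0] = y;
    for (x = x0 + 1; x < x1; x++) {
        err += ady;
        if (err >= adx) { err -= adx; y += sy; }
        else            { y += base; }
        out[x] = y;
    }
}

/* Render a floor given as sorted points (xs[0] == 0) into out[0..n-1].
 * xs[] may reach 2^rangebits, which can exceed n. Returns 0, or -1 on bad input. */
int floor_render(const int *xs, const int *ys, int points, int *out, int n)
{
    int i, x, lx, ly;

    if (points < 1 || n <= 0 || xs[0] != 0)
        return -1;
    lx = xs[0]; ly = ys[0];
    for (i = 1; i < points && lx < n; i++) {
        if (xs[i] <= lx)
            return -1;       /* points must be strictly increasing */
        render_line_bounded(lx, ly, xs[i], ys[i], out, n);
        lx = xs[i]; ly = ys[i];
    }
    for (x = lx; x < n; x++)
        out[x] = ly;         /* points ended short of n: extend flat */
    return 0;
}
```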



