[FFmpeg-devel] Security issues?

Michael Niedermayer michaelni
Thu Sep 24 00:05:21 CEST 2009


On Wed, Sep 23, 2009 at 08:24:51PM +0100, M?ns Rullg?rd wrote:
> Michael Niedermayer <michaelni at gmx.at> writes:
> 
> > On Wed, Sep 23, 2009 at 11:11:37AM -0700, Baptiste Coudurier wrote:
> >> On 09/23/2009 02:33 AM, Michael Niedermayer wrote:
> >>> On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
> >>>> Hi
> >>>>
> >>>> lars has mailed me the following 2 links
> >>>> http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
> >>>> http://secunia.com/advisories/36805/
> >>>
> >>> next is for mov:
> >>>
> >>> http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/35_mov_bad_timings.patch?revision=25101&view=markup
> >>>
> >>> this probably isnt security relevant but still should be fixed
> >>> issue is that 32bits are read into an (signed) int and thus one can
> >>> end with a negative time_scale, chromes patch looks wrong
> >>> changing time_scale to unsigned seems the solution at first but its
> >>> assigned to sample_rate and time_base which themselfs are signed ...
> >>
> >> Yes patch is wrong, specs says time_scale is unsigned. Field must be 
> >> changed to unsigned. 
> >
> >> sample_rate and time_base should also be unsigned 
> >> IMHO, but this might have side effects ...
> >
> > time_base is AVRational which are 2 signed ints, its hard to change that
> 
> AVURational?

AVBikeshedIrrationalTheSignedWorksNicely ?

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090924/ecf222da/attachment.pgp>



More information about the ffmpeg-devel mailing list