[FFmpeg-devel] [PATCH] Fix a couple of errors with bad Vorbis headers
Carl Eugen Hoyos
Sat Jan 15 17:29:06 CET 2011
Michael Niedermayer <michaelni <at> gmx.at> writes:
> these 2 hunks look ok to me though ive not deeply investigated.
> They definitly should be applied ASAP though as this is a security fix
Applied and closed issue 2548.
> > @@ -653,7 +661,7 @@ static int vorbis_parse_setup_hdr_residu
> > res_setup->partition_size = get_bits(gb, 24) + 1;
> > /* Validations to prevent a buffer overflow later. */
> > if (res_setup->begin>res_setup->end ||
> > - res_setup->end > vc->avccontext->channels * vc->blocksize /
(res_setup->type == 2 ? 1 : 2) ||
> > + res_setup->end > vc->avccontext->channels * vc->blocksize / 2 ||
> this is a mystery to me
> what does this fix?
Roundup issue 2550, this is the second sample from Chrome issue 68115.
More information about the ffmpeg-devel