[FFmpeg-devel] [PATCH] Fix a couple of errors with bad Vorbis headers

Carl Eugen Hoyos cehoyos
Sat Jan 15 17:29:06 CET 2011


Michael Niedermayer <michaelni <at> gmx.at> writes:

> these 2 hunks look ok to me though I've not deeply investigated.
> They definitely should be applied ASAP though as this is a security fix

Applied and closed issue 2548.

> > @@ -653,7 +661,7 @@ static int vorbis_parse_setup_hdr_residu
> >  res_setup->partition_size = get_bits(gb, 24) + 1;
> >  /* Validations to prevent a buffer overflow later. */
> >  if (res_setup->begin>res_setup->end ||
> > -    res_setup->end > vc->avccontext->channels * vc->blocksize[1] /
(res_setup->type == 2 ? 1 : 2) ||
> > +    res_setup->end > vc->avccontext->channels * vc->blocksize[1] / 2 ||
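
Review bot: The new bound on res_setup->end drops the (res_setup->type == 2 ? 1 : 2) divisor without any explanation in the code, so type 2 residues are now limited to half of what the old check accepted, and the comment above the condition ("Validations to prevent a buffer overflow later.") does not say which buffer the limit protects. Please extend that comment to name the buffer and how its size relates to vc->avccontext->channels * vc->blocksize[1] / 2, and to say why type 2 no longer gets the larger limit, so the bound can be verified by a reader rather than taken on trust. It is also worth confirming that the tighter limit does not reject valid type 2 streams.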

> this is a mystery to me
> what does this fix?

Roundup issue 2550, this is the second sample from Chrome issue 68115.

Carl Eugen



