[FFmpeg-devel] [PATCH] Fix heap-buffer-overflow in matroska_parse_block

Michael Niedermayer michaelni at gmx.at
Wed Mar 27 23:56:22 CET 2013

On Wed, Mar 27, 2013 at 03:34:02PM -0700, Matthew Wolenetz wrote:
> This patch fixes an issue encountered downstream in Chromium.
> matroska_parse_block (together with matroska_parse_laces) needs to subtract
> the lace metadata size from the buffer size, otherwise it still appears
> possible in upstream FFmpeg that out-of-bounds reads could occur later, for
> example in matroska_parse_rm_audio.
> Note: Dale Curtis <dalecurtis at chromium.org> is the original author of this
> patch.
> Matt




Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

DNS cache poisoning attacks, popular search engine, Google internet authority
dont be evil, please
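To illustrate the check the quoted cover letter describes, here is an added, simplified Xiph-lacing parser (example code written for this page, not the patch and not FFmpeg's own matroska_parse_laces): it subtracts the lace metadata bytes from the buffer size before assigning the remainder to the last lace, so a block whose declared sizes exceed the bytes actually present is rejected instead of being read past its end. The function name, the slice of the block it takes and the sample bytes are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_LACES 256

/* Parse Xiph-style lace sizes from a Matroska block.
   data/size cover the bytes after the block flags byte:
   data[0] = number of frames minus one, then the encoded sizes of all
   frames except the last, then the frame payloads.
   Returns the lace count, or -1 if the sizes do not fit in `size`. */
int parse_xiph_laces(const uint8_t *data, size_t size, size_t *laces)
{
    if (size < 1)
        return -1;
    int n = data[0] + 1;      /* number of laces in this block */
    size_t pos = 1;           /* lace metadata bytes consumed so far */
    size_t total = 0;         /* sum of the explicitly encoded sizes */

    for (int i = 0; i < n - 1; i++) {
        size_t len = 0;
        uint8_t b;
        do {
            if (pos >= size)  /* metadata itself runs past the buffer */
                return -1;
            b = data[pos++];
            len += b;         /* Xiph coding: runs of 255 plus a final byte */
        } while (b == 255);
        laces[i] = len;
        total += len;
    }

    /* The point of the fix: frame data is the buffer minus the lace
       metadata. Using `size - total` here would overstate the last lace
       by `pos` bytes and let a later consumer read out of bounds. */
    size_t payload = size - pos;
    if (total > payload)      /* declared sizes exceed the real data */
        return -1;
    laces[n - 1] = payload - total;
    return n;
}

int main(void)
{
    /* constructed block: two laces, first is 3 bytes, 5 payload bytes total */
    const uint8_t block[] = { 0x01, 0x03, 'a', 'b', 'c', 'd', 'e' };
    size_t laces[MAX_LACES];
    int n = parse_xiph_laces(block, sizeof block, laces);
    printf("laces=%d first=%zu last=%zu\n", n, laces[0], laces[1]);
    return 0;
}
```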