[FFmpeg-devel] libavcodec/als: remove check for predictor order of a block

Ronald S. Bultje rsbultje at gmail.com
Sat Oct 14 21:51:16 EEST 2017


Hi Umair,

On Sat, Oct 14, 2017 at 1:43 PM, Umair Khan <omerjerk at gmail.com> wrote:

> On Sat, Oct 14, 2017 at 8:02 PM, Ronald S. Bultje <rsbultje at gmail.com>
> wrote:
> > Hi Umair,
> >
> > On Sat, Oct 14, 2017 at 9:59 AM, Umair Khan <omerjerk at gmail.com> wrote:
> >
> >> I tested the file which Michael sent. The thing is that I'm getting
> >> error in decoding that file in both the cases, with or without the
> >> patch. I will begin debugging this issue, however I think the file
> >> which Michael sent has got nothing to do with the patch in this
> >> thread.
> >>
> >
> > I don't think the file is meant to be decoded correctly, it's a specially
> > crafted file to demonstrate that certain codepaths (triggered by files
> such
> > as this) can be used to trigger unwanted behaviour (overreads,
> overwrites,
> > etc.). Eventually, combinations of such files can be used to break into
> > your system with specially crafted media files (yes, really).
> >
> > Your patch introduces such a security issue (since it's triggered by the
> > file after, but not before the patch). This must be fixed before the
> patch
> > can be committed.
>
> Okay. You mean the file isn't supposed to be decoded and that the als
> decoder should output the proper error message instead of breaking at
> a random point. Am I getting it correct?
>

More specifically: after your patch, you'll notice that address sanitizer
(clang -fsanitize=address) or valgrind output warnings when decoding this
file. These warnings should be tracked down and fixed.

Ronald
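To make concrete the kind of check Ronald is asking to keep, and the sanitizer workflow he describes, here is an added example that is not part of this thread and is not FFmpeg's ALS decoder. It uses a constructed toy LPC block format (block length, predictor order, coefficients, warm-up samples, residuals) invented for the example; the function names `decode_block` and the `demo_*` helpers are hypothetical. The predictor order comes straight from the bitstream, so it is validated against the block length before it is used as a loop bound; removing that one line turns a crafted header into a write past the output buffer, which is exactly what `clang -fsanitize=address` reports.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Return codes for the toy block parser. */
enum { ERR_TRUNCATED = -1, ERR_BAD_LENGTH = -2, ERR_BAD_ORDER = -3 };

/* Decode one block of a constructed toy LPC format (not ISO ALS):
 *   buf[0]       block length N in samples (1..255)
 *   buf[1]       predictor order P
 *   buf[2 ..]    P signed 8-bit coefficients (7 fraction bits)
 *   then         P "warm-up" samples stored raw (int8)
 *   then         N-P residuals (int8)
 * Returns the number of samples written to out, or a negative error. */
int decode_block(const uint8_t *buf, size_t len, int32_t *out, size_t out_cap)
{
    if (len < 2)
        return ERR_TRUNCATED;
    unsigned n = buf[0], p = buf[1];
    if (n == 0 || n > out_cap)
        return ERR_BAD_LENGTH;
    /* The check that must stay: an order larger than the block means more
     * warm-up samples than output slots, so the warm-up loop below would
     * write past out[] and the residual pointer would be computed from a
     * nonsensical offset. ASan flags the overwrite if this line is removed. */
    if (p > n)
        return ERR_BAD_ORDER;
    /* Sizes are now well defined: header + coeffs + warm-up + residuals. */
    if (len < 2 + (size_t)p + n)
        return ERR_TRUNCATED;

    const int8_t *coef   = (const int8_t *)buf + 2;
    const int8_t *warmup = coef + p;
    const int8_t *resid  = warmup + p;

    for (unsigned i = 0; i < p; i++)
        out[i] = warmup[i];
    for (unsigned i = p; i < n; i++) {
        int32_t pred = 0;
        for (unsigned k = 1; k <= p; k++)
            pred += coef[k - 1] * out[i - k];
        out[i] = resid[i - p] + pred / 128; /* undo the 7 fraction bits */
    }
    return (int)n;
}

/* Constructed well-formed block: N=4, P=1, coef 0.5, warm-up 100,
 * residuals 10 20 30. Returns the last decoded sample (expected 55). */
int demo_valid_last_sample(void)
{
    const uint8_t blk[] = { 4, 1, 64, 100, 10, 20, 30 };
    int32_t out[4];
    int rc = decode_block(blk, sizeof blk, out, 4);
    return rc == 4 ? out[3] : rc;
}

/* Constructed crafted block: N=4 but P=9, padded so the length check alone
 * would pass. Must be rejected by the order check. */
int demo_crafted_order(void)
{
    const uint8_t blk[16] = { 4, 9 };
    int32_t out[4];
    return decode_block(blk, sizeof blk, out, 4);
}

/* Constructed truncated block: header claims 4 samples, data runs out. */
int demo_truncated(void)
{
    const uint8_t blk[] = { 4, 1, 64, 100, 10 };
    int32_t out[4];
    return decode_block(blk, sizeof blk, out, 4);
}

int main(void)
{
    printf("valid block, last sample: %d\n", demo_valid_last_sample());
    printf("crafted order:            %d\n", demo_crafted_order());
    printf("truncated block:          %d\n", demo_truncated());
    return 0;
}
```

Build it with `clang -g -fsanitize=address example.c` and run it; all three cases return cleanly. Delete the `if (p > n)` line and rebuild: the crafted block now makes ASan abort with a stack-buffer-overflow report naming the write in the warm-up loop and the source line, which is the "track down and fix" step from the message above applied to a tiny decoder. The same procedure with FFmpeg's own build (`./configure --toolchain=clang-asan`) is how a sanitizer-flagged sample gets triaged.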


More information about the ffmpeg-devel mailing list