[FFmpeg-trac] #182(avformat:open): libavformat crashes on damaged mp3
FFmpeg
trac at avcodec.org
Tue May 10 01:39:26 CEST 2011
#182: libavformat crashes on damaged mp3
-----------------------+-----------------------
  Reporter:  jwarren   |       Owner:
      Type:  defect    |      Status:  open
  Priority:  important |   Component:  avformat
   Version:  git-master|  Resolution:
  Keywords:  regression|  Blocked By:
  Blocking:            |  Reproduced:  1
  Analyzed:  0         |
-----------------------+-----------------------
Comment (by saste):
This is due to the code:

    if (tflags & ID3v2_FLAG_DATALEN) {
        avio_rb32(s->pb);
        tlen -= 4;
    }

When tlen = 3, this results in an integer underflow (tlen is unsigned), and the
following av_fast_realloc() will fail and will crash when reading the NULL
buffer.
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/182#comment:3>
FFmpeg <http://ffmpeg.org>
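
The wraparound described in the comment above, next to a guarded reader, as an added example that is not FFmpeg's code or its fix. FLAG_DATALEN, tlen_unchecked() and read_payload() are hypothetical names, the flag value is a constructed stand-in, and the frame bytes are constructed sample input.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FLAG_DATALEN 0x1u /* constructed stand-in for ID3v2_FLAG_DATALEN */

/* The arithmetic from the comment, with no length check. */
static unsigned int tlen_unchecked(unsigned int tflags, unsigned int tlen)
{
    if (tflags & FLAG_DATALEN)
        tlen -= 4; /* wraps to a huge value when tlen < 4 */
    return tlen;
}

/* Hypothetical guarded reader over an in-memory frame body of tlen bytes.
 * Returns 0 and a malloc'd payload copy, or -1 so a NULL buffer is never read. */
static int read_payload(const unsigned char *body, unsigned int tlen,
                        unsigned int tflags, unsigned char **out,
                        unsigned int *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (tflags & FLAG_DATALEN) {
        if (tlen < 4)
            return -1; /* no room for the 4-byte data length indicator */
        body += 4;
        tlen -= 4;
    }
    *out = malloc(tlen ? tlen : 1);
    if (!*out)
        return -1; /* check the allocation before touching the buffer */
    memcpy(*out, body, tlen);
    *out_len = tlen;
    return 0;
}

int main(void)
{
    /* Constructed sample: 3-byte frame body with the data-length flag set. */
    const unsigned char damaged[3] = { 0x00, 0x00, 0x01 };
    unsigned char *buf;
    unsigned int len;
    printf("unchecked tlen: %u\n", tlen_unchecked(FLAG_DATALEN, 3));
    printf("guarded reader: %d\n",
           read_payload(damaged, 3, FLAG_DATALEN, &buf, &len));
    free(buf);
    return 0;
}
```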