[FFmpeg-devel] [PATCH] Fix heap-buffer-overflow in matroska_parse_block

Matthew Wolenetz wolenetz at chromium.org
Wed Mar 27 23:34:02 CET 2013


This patch fixes an issue encountered downstream in Chromium.
matroska_parse_block (together with matroska_parse_laces) needs to subtract
the lace metadata size from the buffer size, otherwise it still appears
possible in upstream FFmpeg that out-of-bounds reads could occur later, for
example in matroska_parse_rm_audio.

Note: Dale Curtis <dalecurtis at chromium.org> is the original author of this
patch.

Matt
Attachment (scrubbed by the list archive): 0001-Fix-heap-buffer-overflow-in-matroska_parse_block.patch (1531 bytes)
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130327/e6803c9c/attachment.obj>
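The failure mode described in the message, as an added illustration that is not the posted patch and not FFmpeg's code: a minimal Xiph-lacing parser in which the size of the last lace is computed as "whatever is left in the buffer". If the lace-header bytes already consumed are not subtracted from the buffer size first, the last lace is over-sized by exactly that many bytes and any consumer that walks the laces (the role matroska_parse_rm_audio plays in the message) reads past the end of the buffer. The function names, the laces_t structure and the SAMPLE/BAD byte arrays are assumptions constructed for this example; only Xiph lacing is modelled, not EBML or fixed-size lacing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LACES 8

/* Hypothetical result of parsing a laced block payload (not FFmpeg's types). */
typedef struct {
    int    n;                   /* number of laces (frames) */
    size_t sizes[MAX_LACES];    /* size of each lace in bytes */
    size_t data_off;            /* offset of the first lace's data within buf */
} laces_t;

/* Parse Xiph lacing: buf[0] is (number of laces - 1); for every lace but the
 * last the size is a run of 0xFF bytes followed by one byte < 0xFF; the last
 * lace is "whatever is left". subtract_meta chooses whether the lace-header
 * bytes consumed so far are subtracted from buf_size before computing that
 * remainder (1 = the fix) or not (0 = the bug). Returns 0 or -1 on bad input. */
static int parse_xiph_laces(const uint8_t *buf, size_t buf_size,
                            int subtract_meta, laces_t *out)
{
    size_t pos = 0, total = 0;
    if (buf_size < 1) return -1;
    out->n = buf[pos++] + 1;
    if (out->n > MAX_LACES) return -1;
    for (int i = 0; i < out->n - 1; i++) {
        size_t sz = 0;
        uint8_t b;
        do {
            if (pos >= buf_size) return -1;     /* lace header truncated */
            b = buf[pos++];
            sz += b;
        } while (b == 0xFF);
        out->sizes[i] = sz;
        total += sz;
    }
    /* Buggy mode uses the full buffer size; fixed mode uses only the bytes
     * that follow the lace header. pos <= buf_size holds here. */
    size_t avail = subtract_meta ? buf_size - pos : buf_size;
    if (total > avail) return -1;               /* declared sizes exceed data */
    out->sizes[out->n - 1] = avail - total;
    out->data_off = pos;
    return 0;
}

/* Stand-in for a sub-frame consumer: returns the offset one past the last
 * byte it would touch when reading every lace in order. */
static size_t end_of_reads(const laces_t *l)
{
    size_t off = l->data_off;
    for (int i = 0; i < l->n; i++) off += l->sizes[i];
    return off;
}

/* 1 if walking the laces would read past buf_size, 0 if not, -1 if malformed. */
int lacing_overreads(const uint8_t *buf, size_t buf_size, int subtract_meta)
{
    laces_t l;
    if (parse_xiph_laces(buf, buf_size, subtract_meta, &l) != 0) return -1;
    return end_of_reads(&l) > buf_size;
}

/* Size assigned to the final lace, or -1 if malformed. */
long last_lace_size(const uint8_t *buf, size_t buf_size, int subtract_meta)
{
    laces_t l;
    if (parse_xiph_laces(buf, buf_size, subtract_meta, &l) != 0) return -1;
    return (long)l.sizes[l.n - 1];
}

/* Constructed sample: 3-byte lace header, then 3 + 2 + 4 bytes of lace data. */
static const uint8_t SAMPLE[] = {
    0x02,               /* lace count - 1  => 3 laces            */
    0x03, 0x02,         /* Xiph sizes of lace 0 and lace 1        */
    'a', 'b', 'c',      /* lace 0 (3 bytes)                       */
    'd', 'e',           /* lace 1 (2 bytes)                       */
    'f', 'g', 'h', 'i'  /* lace 2 (remaining 4 bytes)             */
};

/* Constructed sample whose lace header runs off the end of the buffer. */
static const uint8_t BAD[] = { 0x01, 0xFF, 0xFF };

int main(void)
{
    printf("bug:   last lace %ld bytes, over-read=%d\n",
           last_lace_size(SAMPLE, sizeof SAMPLE, 0), lacing_overreads(SAMPLE, sizeof SAMPLE, 0));
    printf("fixed: last lace %ld bytes, over-read=%d\n",
           last_lace_size(SAMPLE, sizeof SAMPLE, 1), lacing_overreads(SAMPLE, sizeof SAMPLE, 1));
    return 0;
}
```

With the 12-byte SAMPLE, the buggy mode sizes the last lace at 12 - 5 = 7 bytes instead of 4, so the consumer ends 3 bytes past the buffer, which is exactly the 3 lace-header bytes that were never subtracted. The per-lace sum check alone does not catch this, which is why the subtraction has to happen before the remainder is computed.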

