[FFmpeg-trac] #11471(avformat:new): Integer wrap-around in oggparsevorbis.c vorbis_packet() final packet handling creating frames with very long duration
FFmpeg
trac at avcodec.org
Sat Feb 15 19:50:45 EET 2025
#11471: Integer wrap-around in oggparsevorbis.c vorbis_packet() final packet
handling creating frames with very long duration
-------------------------------------+-------------------------------------
Reporter: Jøger Hansegård            | Type: defect
Status: new                          | Priority: normal
Component: avformat                  | Version: 7.0
Keywords:                            | Blocked By:
Blocking:                            | Reproduced by developer: 0
Analyzed by developer: 0             |
-------------------------------------+-------------------------------------
Summary of the bug:
With the attached file, an unsigned integer wrap-around in
oggparsevorbis.c/vorbis_packet() during the calculation of
priv->final_duration/os->pduration creates packets with very long
durations (4294967232us). The os->end_trimming also becomes invalid, which
prevents the discard_samples() function from discarding the padding. Here
discard_padding becomes greater than the number of samples in the frame,
allowing the AVFrame with a long duration to pass through.
How to reproduce:
{{{
% ffprobe -show_frames -show_packets corrupt_end.ogg
ffprobe version 7.0.2-full_build-www.gyan.dev Copyright (c) 2007-2024 the
FFmpeg developers
built with gcc 13.2.0 (Rev5, Built by MSYS2 project)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11471>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
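
The wrap-around described in the ticket, as an added illustration that is not part of the report and is not FFmpeg's code: a simplified C model of final-packet duration handling, unchecked and with a 64-bit range check. The struct, the function names, the subtraction form and the sample values are assumptions, constructed so that the unchecked result equals the 4294967232 figure reported above.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of final-packet duration handling in an Ogg demuxer.
 * All names and the subtraction form are assumptions, not FFmpeg's code. */
typedef struct {
    int64_t  page_granule; /* end position (samples) claimed by the last page */
    int64_t  final_pts;    /* pts of the first packet in the last page */
    uint32_t summed;       /* durations of earlier packets in the last page */
    uint32_t decoded;      /* samples the last packet actually decodes to */
} FinalPage;

/* Unchecked: a negative remainder is stored into an unsigned 32-bit field,
 * and the trimming amount can exceed the samples in the frame. */
static uint32_t duration_unchecked(const FinalPage *p)
{
    return (uint32_t)(p->page_granule - p->final_pts - p->summed);
}
static int64_t trim_unchecked(const FinalPage *p)
{
    int64_t skip = p->final_pts + p->summed + p->decoded - p->page_granule;
    return skip > 0 ? skip : 0;
}

/* Checked: 64-bit arithmetic; reject a granule inconsistent with the packet. */
static int duration_checked(const FinalPage *p, uint32_t *dur, uint32_t *trim)
{
    int64_t remaining = p->page_granule - p->final_pts - (int64_t)p->summed;
    if (remaining < 0 || remaining > (int64_t)p->decoded)
        return -1;                 /* policy of this example: reject the page */
    *dur  = (uint32_t)remaining;
    *trim = p->decoded - *dur;     /* cannot exceed the decoded sample count */
    return 0;
}

/* Constructed inputs: a granule 64 samples too small, and a consistent one. */
static const FinalPage corrupt = { 1024, 960, 128, 64 };
static const FinalPage valid   = { 1120, 960, 128, 64 };

int main(void)
{
    uint32_t d = 0, t = 0;
    printf("unchecked: duration=%u trim=%lld\n",
           duration_unchecked(&corrupt), (long long)trim_unchecked(&corrupt));
    printf("checked corrupt rc=%d\n", duration_checked(&corrupt, &d, &t));
    if (duration_checked(&valid, &d, &t) == 0)
        printf("checked valid: duration=%u trim=%u\n", d, t);
    return 0;
}
```

With the constructed corrupt input the unchecked trimming value (128) is larger than the 64 samples in the frame, which is the condition the report says lets the long-duration frame through.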