[FFmpeg-devel] FLAC crash on invalid data

Uoti Urpala uoti.urpala
Thu Oct 4 04:30:21 CEST 2007


metadata_parse() does
            metadata_size = get_bits_long(&s->gb, 24);
then
                    for (i=0; i<metadata_size; i++)
                        skip_bits(&s->gb, 8);
with no sanity checks against read buffer size.
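
Added example, not part of the original post and not FFmpeg's code: a stand-alone sketch of the missing check, comparing the declared 24-bit length with the bytes remaining before skipping. BitReader, bits_left(), read_bits() and skip_metadata_block() are hypothetical stand-ins for FFmpeg's bit reader; the 1-bit last-block flag and 7-bit block type before the length come from the FLAC format, not from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal bit reader standing in for FFmpeg's GetBitContext. */
typedef struct {
    const uint8_t *buf;
    size_t size_bits;   /* total bits available in buf */
    size_t pos_bits;    /* current read position */
} BitReader;

static size_t bits_left(const BitReader *r) { return r->size_bits - r->pos_bits; }

/* Read n (<= 32) bits MSB-first; the caller must have checked bits_left(). */
static uint32_t read_bits(BitReader *r, unsigned n)
{
    uint32_t v = 0;
    while (n--) {
        v = (v << 1) | ((r->buf[r->pos_bits >> 3] >> (7 - (r->pos_bits & 7))) & 1u);
        r->pos_bits++;
    }
    return v;
}

/* Skip one FLAC metadata block (1-bit last flag, 7-bit type, 24-bit length).
 * Returns 1 if more blocks follow, 0 if this was the last, -1 on truncation. */
static int skip_metadata_block(BitReader *r)
{
    if (bits_left(r) < 32)                  /* header itself must be present */
        return -1;
    int last = (int)read_bits(r, 1);
    (void)read_bits(r, 7);                  /* block type, unused here */
    size_t metadata_size = read_bits(r, 24);
    /* The check the quoted loop lacks: the length must fit in the input. */
    if (metadata_size > bits_left(r) / 8)
        return -1;
    r->pos_bits += metadata_size * 8;       /* one bounded skip, no per-byte loop */
    return last ? 0 : 1;
}

int main(void)
{
    /* Constructed sample: header claims 0xFFFFFF bytes, only 2 follow. */
    const uint8_t bad[] = {0x00, 0xFF, 0xFF, 0xFF, 0xAA, 0xBB};
    BitReader r = { bad, sizeof(bad) * 8, 0 };
    printf("oversized block -> %d\n", skip_metadata_block(&r));
    return 0;
}
```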




