[FFmpeg-cvslog] mp3dec: Fix possibly exploitable crash

Michael Niedermayer git at videolan.org
Thu Dec 6 16:47:54 CET 2012


ffmpeg | branch: release/0.11 | Michael Niedermayer <michaelni at gmx.at> | Fri Sep 28 01:38:44 2012 +0200| [54ac3d10d158923ead4750d36e1c9773349a5e74] | committer: Michael Niedermayer

mp3dec: Fix possibly exploitable crash

I was sadly unable to find a non-fuzzed mp3 that uses the
feature that contained the bug (and I searched hard ...), thus,
while this fixes the security issue, it may or may not fix
mixed blocks in 8kHz mp3s; I can't say due to lack of samples to test.

Security issue exists since: b37d945dd4213cb8e92146571b0374cd45d52286

Reported-by: Dale Curtis <dalecurtis at google.com>
(Probably) Found-by: inferno at chromium.org
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 94041febc53a6da10e34c2bfff9ff1d580fdce60)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54ac3d10d158923ead4750d36e1c9773349a5e74
---

 libavcodec/mpegaudiodec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index 553398a..ce19ae3 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -211,7 +211,7 @@ static void ff_compute_band_indexes(MPADecodeContext *s, GranuleDef *g)
             else
                 g->long_end = 6;
 
-            g->short_start = 2 + (s->sample_rate_index != 8);
+            g->short_start = 3;
         } else {
             g->long_end    = 0;
             g->short_start = 0;
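Review bot: the replacement of `2 + (s->sample_rate_index != 8)` with the constant `3` on the `g->short_start` line drops the only sample-rate-dependent branch in this block, so a short comment stating why `3` is correct for every sample rate index (including the 8kHz case the old expression singled out) would help future readers, especially since the commit message says the 8kHz mixed-block path could not be tested. The visible context sets `g->long_end = 6` in the same branch and `0`/`0` in the `else`, so the invariant a reviewer wants spelled out is that `short_start` and `long_end` are derived consistently in both branches; if the fuzzed input that triggered the crash can be reduced to a small sample, adding it as a regression test would guard the unverified case.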