[FFmpeg-devel] Security issues?

Michael Niedermayer michaelni
Wed Sep 23 12:35:56 CEST 2009


On Tue, Sep 22, 2009 at 11:00:21PM +0300, Siarhei Siamashka wrote:
> On Tuesday 22 September 2009, Michael Niedermayer wrote:
> > On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
> > > Hi
> > >
> > > lars has mailed me the following 2 links
> > > http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/mel
> > >dung/145655 http://secunia.com/advisories/36805/
> >
> > one issue from chromium
> > in vorbis_dec.c
> >
> >     for(i=0;i<mapping->submaps;++i) {
> >         vorbis_residue *residue;
> >         uint_fast8_t ch=0;
> >
> >         for(j=0;j<vc->audio_channels;++j) {
> >             if ((mapping->submaps==1) || (i=mapping->mux[j])) {
> >                                            ^
> > = -> ==
> 
> http://xiph.org/vorbis/doc/Vorbis_I_spec.html#x1-750004.3.4
> 
> Looks like a natural change '=' -> '==' is needed.

applied


> 
> Additionally it is quite strange that the code has (mapping->submaps==1) part.
> Maybe it is some other bug intended to cancel the effect of the abovementioned
> one? This code has no SVN history except for initial addition.




> 
> 
> There is also a bug reported specifically against vorbis residue decoding:
> https://roundup.mplayerhq.hu/roundup/ffmpeg/issue1353
> And a Chrome's patch is linked there, which would kill the performance
> pretty badly. Suboptimal bitstream processing in residue decoding already
> costs up to 8-10% performance on AMD64/PPC, impact is less on X86.
> 

> Does anyone want this issue fixed (without a noticeable performance impact)?

yes

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Avoid a single point of failure, be that a person or equipment.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090923/8e3d11f2/attachment.pgp>



More information about the ffmpeg-devel mailing list