[FFmpeg-devel] Possible bug in vorbis_decode_init()
Marcel Samek
msamek at gmail.com
Wed Apr 11 20:07:26 CEST 2012
I have been looking into why ffmpeg is having problems decoding some webm
files that one of our applications generates. In doing that, I came across
a possible uninitialized data bug in vorbis_decode_init().

I am not really familiar with the ffmpeg code, nor do I have time to dig
into it, so I thought I would report it here so that someone more
knowledgeable than I might look at it.

In vorbis_decode_init(), the field avccontext->channels is initialized by
being assigned the value of vc->audio_channels. However,
avccontext->channels is used prior to that initialization in the calls to
vorbis_parse_setup_hdr().

In the case of my files, this results in a "partition out of bounds" error
which is due to the fact that avccontext->channels has the wrong value.

I believe that the initialization of avccontext->channels should be done
immediately after the call to vorbis_parse_id_hdr().

Marcel
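
The ordering problem reported above, as a simplified model added here (not part of the original post and not FFmpeg's code). The struct and function names, the form of the bounds check and the stream constants are all assumptions made for illustration; the stale `channels` value stands in for whatever the caller left in the context.

```c
#include <stdio.h>

/* Hypothetical stand-ins; not FFmpeg's real types. */
struct codec_ctx { int channels; };     /* caller-visible context */
struct dec_state {
    struct codec_ctx *avctx;
    int audio_channels;                 /* from the identification header */
    int blocksize;                      /* from the identification header */
};

/* Constructed stream parameters for the demo. */
enum { HDR_CHANNELS = 2, HDR_BLOCKSIZE = 2048, RESIDUE_END = 1536 };

static int parse_id_hdr(struct dec_state *s)
{
    s->audio_channels = HDR_CHANNELS;
    s->blocksize = HDR_BLOCKSIZE;
    return 0;
}

/* Assumed bounds check: the limit scales with the context's channel count. */
static int parse_setup_hdr(const struct dec_state *s)
{
    int limit = s->avctx->channels * s->blocksize / 2;
    if (RESIDUE_END > limit) {
        fprintf(stderr, "partition out of bounds (limit %d)\n", limit);
        return -1;
    }
    return 0;
}

/* Order described in the report: channels assigned after setup parsing. */
int init_late_assign(struct codec_ctx *ctx)
{
    struct dec_state s = { .avctx = ctx };
    if (parse_id_hdr(&s) < 0) return -1;
    if (parse_setup_hdr(&s) < 0) return -1;  /* reads stale ctx->channels */
    ctx->channels = s.audio_channels;
    return 0;
}

/* Proposed order: assign right after the identification header. */
int init_early_assign(struct codec_ctx *ctx)
{
    struct dec_state s = { .avctx = ctx };
    if (parse_id_hdr(&s) < 0) return -1;
    ctx->channels = s.audio_channels;
    return parse_setup_hdr(&s);
}
```

In this model a context whose `channels` is 0 or 1 before init rejects a valid two-channel stream with the late assignment and accepts it with the early one.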