[FFmpeg-devel] Possible bug in vorbis_decode_init()

Reimar Döffinger Reimar.Doeffinger at gmx.de
Wed Apr 11 21:04:05 CEST 2012


On Wed, Apr 11, 2012 at 11:07:26AM -0700, Marcel Samek wrote:
> I have been looking into why ffmpeg is having problems decoding some webm
> files that one of our applications generates. In doing that, I came across
> a possible uninitialized data bug in vorbis_decode_init()
> 
> I am not really familiar with the ffmpeg code, nor do I have time to dig
> into it, so I thought I would report it here so that someone more
> knowledgeable than I might look at it.
> 
> In vorbis_decode_init(), the field avccontext->channels is initialized by
> being assigned the value of vc->audio_channels. However,
> avccontext->channels is used prior to that initialization in the calls to
> vorbis_parse_setup_hdr().

Ugh, all other code in that file uses vc->audio_channels, not the
AVCodeContext value.
That is certainly a bug, and not a good idea to have in an overflow
check code.


More information about the ffmpeg-devel mailing list