[FFmpeg-trac] #9155(avcodec:closed): Backporting of fixes for CVE-2020-35965/oss-fuzz issue 26532 to FFmpeg 4.3
FFmpeg
trac at avcodec.org
Sat Mar 20 22:02:50 EET 2021
#9155: Backporting of fixes for CVE-2020-35965/oss-fuzz issue 26532 to FFmpeg 4.3
-------------------------------------+-------------------------------------
Reporter: diabonas | Owner:
Type: defect | Status: closed
Priority: normal | Component: avcodec
Version: unspecified | Resolution: needs_more_info
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Comment (by diabonas):

Personally, I would consider a potentially incomplete fix for a security
issue a bug, not a support request...

I am somewhat confused: if oss-fuzz issue 26532 was never present on the
FFmpeg 4.3 branch, then why was commit
3e5959b3457f7f1856d997261e6ac672bba49e8b ("avcodec/exr: Check ymin vs. h")
explicitly backported to FFmpeg 4.3.2 at all, and why not in combination
with commit b0a8b40294ea212c1938348ff112ef1b9bf16bb3 ("avcodec/exr: skip
bottom clearing loop when its outside the image")?

My worry is that the issue could still be present in FFmpeg 4.3.2 and
might just require a slightly different reproducer there: after all, the
earliest release that commit 3e5959b3457f7f1856d997261e6ac672bba49e8b has
been backported to is 4.3.2, so even if that commit is enough to fix the
issue, the problem should still be reproducible in FFmpeg 4.3.1 somehow.
If it isn't reproducible in version 4.3.1 as well, this would mean one of
two things:

1. The bug was never present on the 4.3 branch to begin with (the good
case), or
2. The reproducer doesn't apply to the 4.3 branch and the issue might only
be partially fixed (less great).
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9155#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker