[Ffmpeg-devel] Bugs in Vorbis decoder
Balatoni Denes
dbalatoni
Sun Sep 24 18:13:49 CEST 2006
Hi!
szombat 23 szeptember 2006 16.44-kor Oded Shimon ezeket a bolcs gondolatokat
fogalmazta meg:
> 2 bugs found in ffvorbis while working on my encoder. First one is simple,
> off-by-one, 0 is a valid codebook number, -1 isn't. Patch attached, I'll
> commit tommorrow if noone objects...
Seems that you are right, I don't know how it got in.
> Second one is tougher - buffer overflow in vorbis.c:1304, an assumption
> that the size of the block is 'rangebits' in the floor, when rangebits is
> allowed by spec to be larger. The fix is to have the floor_decode function
> know the actual size of the buffer, and not go over it.
You are right again. A fix for this would be appreciated :) So you would pass
in the blocksize (which depends on whether it's a short or a long block) as
an additional argument to to floor1_decode, right ?
> - ods15
thanks,
bye
Denes
More information about the ffmpeg-devel
mailing list