[FFmpeg-devel] Security issues?
Siarhei Siamashka
siarhei.siamashka
Tue Sep 22 22:00:21 CEST 2009
On Tuesday 22 September 2009, Michael Niedermayer wrote:
> On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
> > Hi
> >
> > lars has mailed me the following 2 links
> > http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
> > http://secunia.com/advisories/36805/
>
> one issue from chromium
> in vorbis_dec.c
>
>     for(i=0;i<mapping->submaps;++i) {
>         vorbis_residue *residue;
>         uint_fast8_t ch=0;
>
>         for(j=0;j<vc->audio_channels;++j) {
>             if ((mapping->submaps==1) || (i=mapping->mux[j])) {
>                                           ^
>                                           = -> ==
http://xiph.org/vorbis/doc/Vorbis_I_spec.html#x1-750004.3.4
Looks like a natural change '=' -> '==' is needed.
Additionally it is quite strange that the code has (mapping->submaps==1) part.
Maybe it is some other bug intended to cancel the effect of the abovementioned
one? This code has no SVN history except for initial addition.
There is also a bug reported specifically against vorbis residue decoding:
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue1353
And Chrome's patch is linked there, which would kill the performance
pretty badly. Suboptimal bitstream processing in residue decoding already
costs up to 8-10% performance on AMD64/PPC, impact is less on X86.
Does anyone want this issue fixed (without a noticeable performance impact)?
--
Best regards,
Siarhei Siamashka
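
The effect of '=' versus '==' in the quoted condition, and of the (submaps==1) test, can be replayed on a small model. This is an added example, not FFmpeg code and not part of the original message; toy_mapping, select_channels, GUARD and the sample mappings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SUBMAPS 4
#define GUARD 64 /* the '=' form overwrites the loop counter, so cap the passes */

/* Constructed stand-in for the two mapping fields the quoted loop reads. */
typedef struct { unsigned submaps; uint8_t mux[8]; } toy_mapping;
enum { ASSIGN = 0, COMPARE = 1 };

/*
 * Replays the quoted loop shape. picked[s] receives a bitmask of the channels
 * selected during the pass that started with counter value s.
 * shortcut: keep (1) or drop (0) the (submaps==1) test.
 * Returns the number of outer passes, or -1 on bad input or when GUARD is hit.
 */
int select_channels(const toy_mapping *m, unsigned channels, int mode,
                    int shortcut, unsigned picked[MAX_SUBMAPS])
{
    unsigned i, j;
    int passes = 0;

    if (m->submaps > MAX_SUBMAPS || channels > 8) return -1;
    for (i = 0; i < MAX_SUBMAPS; ++i) picked[i] = 0;
    for (i = 0; i < m->submaps; ++i) {
        unsigned pass = i; /* counter value before the inner loop can change it */
        if (++passes > GUARD) return -1;
        for (j = 0; j < channels; ++j) {
            if ((shortcut && m->submaps == 1) ||
                (mode == COMPARE ? (unsigned)(i == m->mux[j]) : (i = m->mux[j])))
                picked[pass] |= 1u << j;
        }
    }
    return passes;
}

int main(void)
{
    toy_mapping two = { 2, { 0, 1 } }; /* channel 0 -> submap 0, channel 1 -> submap 1 */
    unsigned p[MAX_SUBMAPS];
    int n = select_channels(&two, 2, ASSIGN, 1, p);
    printf("'=' : passes=%d submap0=0x%x submap1=0x%x\n", n, p[0], p[1]);
    n = select_channels(&two, 2, COMPARE, 1, p);
    printf("'==': passes=%d submap0=0x%x submap1=0x%x\n", n, p[0], p[1]);
    return 0;
}
```

On the constructed two-submap mapping the '=' form makes a single pass and attributes channel 1 to submap 0, while '==' makes two passes with one channel each. With one submap and an all-zero mux, '==' selects both channels even when the (submaps==1) test is dropped, whereas '=' without it selects none.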