[FFmpeg-devel] Security issues?

Baptiste Coudurier baptiste.coudurier
Wed Sep 23 20:11:37 CEST 2009


On 09/23/2009 02:33 AM, Michael Niedermayer wrote:
> On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
>> Hi
>>
>> lars has mailed me the following 2 links
>> http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
>> http://secunia.com/advisories/36805/
>
> next is for mov:
>
> http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/35_mov_bad_timings.patch?revision=25101&view=markup
>
> this probably isn't security relevant but still should be fixed
> issue is that 32 bits are read into a (signed) int and thus one can
> end with a negative time_scale, Chrome's patch looks wrong
> changing time_scale to unsigned seems the solution at first but it's
> assigned to sample_rate and time_base which themselves are signed ...

Yes, the patch is wrong; the spec says time_scale is unsigned. The field must be
changed to unsigned. sample_rate and time_base should also be unsigned
IMHO, but this might have side effects ...

-- 
Baptiste COUDURIER
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
FFmpeg maintainer                                  http://www.ffmpeg.org
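
The signedness issue discussed in this message, as an added example that is not part of the original post and is not FFmpeg or Chromium code. The helper names and the sample byte strings are constructed for illustration; the check assumes the value is later copied into signed int fields, as the thread says of sample_rate and time_base.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian 32-bit field from a buffer. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Pattern described in the thread: the 32-bit value is stored in a signed
 * int. Values above INT_MAX convert in an implementation-defined way and
 * come out negative on common two's-complement targets. */
static int time_scale_signed(const uint8_t *p)
{
    return (int)read_be32(p);
}

/* Hypothetical hardened form: keep the field unsigned and refuse values
 * that the signed destination fields cannot represent.
 * Returns 0 and stores the value on success, -1 if it exceeds INT_MAX. */
static int time_scale_checked(const uint8_t *p, uint32_t *out)
{
    uint32_t v = read_be32(p);

    if (v > (uint32_t)INT_MAX)
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample fields: top bit set, and an ordinary 44100. */
    const uint8_t bad[4] = { 0x80, 0x00, 0x00, 0x01 };
    const uint8_t ok[4]  = { 0x00, 0x00, 0xAC, 0x44 };
    uint32_t v = 0;

    printf("signed read of bad field: %d\n", time_scale_signed(bad));
    printf("checked read of bad field: %d\n", time_scale_checked(bad, &v));
    if (time_scale_checked(ok, &v) == 0)
        printf("checked read of ok field: %u\n", (unsigned)v);
    return 0;
}
```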


