[FFmpeg-devel] Security issues?

Måns Rullgård mans
Wed Sep 23 21:24:51 CEST 2009


Michael Niedermayer <michaelni at gmx.at> writes:

> On Wed, Sep 23, 2009 at 11:11:37AM -0700, Baptiste Coudurier wrote:
>> On 09/23/2009 02:33 AM, Michael Niedermayer wrote:
>>> On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
>>>> Hi
>>>>
>>>> lars has mailed me the following 2 links
>>>> http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
>>>> http://secunia.com/advisories/36805/
>>>
>>> next is for mov:
>>>
>>> http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/35_mov_bad_timings.patch?revision=25101&view=markup
>>>
>>> this probably isnt security relevant but still should be fixed
>>> issue is that 32bits are read into an (signed) int and thus one can
>>> end with a negative time_scale, chromes patch looks wrong
>>> changing time_scale to unsigned seems the solution at first but its
>>> assigned to sample_rate and time_base which themselfs are signed ...
>>
>> Yes patch is wrong, specs says time_scale is unsigned. Field must be 
>> changed to unsigned. 
>
>> sample_rate and time_base should also be unsigned 
>> IMHO, but this might have side effects ...
>
> time_base is AVRational which are 2 signed ints, its hard to change that

AVURational?

-- 
M?ns Rullg?rd
mans at mansr.com



More information about the ffmpeg-devel mailing list