[FFmpeg-devel] [PATCH] avformat/iamf_parse: ambisonics mode > 1 will crash
Michael Niedermayer
michael at niedermayer.cc
Mon Dec 2 02:26:48 EET 2024
On Sat, Nov 30, 2024 at 03:24:31PM -0300, James Almer wrote:
> On 11/29/2024 2:17 PM, Michael Niedermayer wrote:
> > ambisonics mode > 1 does not initialize any layer but layer 0
> > is unconditionally dereferenced
> >
> > Fixes: poc-2024-11
> > Fixes: null pointer dereference
> > Found-by: 苏童 <220235212 at seu.edu.cn>
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/iamf_parse.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
> > index 4aed894796f..1e1de167e6d 100644
> > --- a/libavformat/iamf_parse.c
> > +++ b/libavformat/iamf_parse.c
> > @@ -413,7 +413,7 @@ static int ambisonics_config(void *s, AVIOContext *pb,
> > ambisonics_mode = ffio_read_leb(pb);
> > if (ambisonics_mode > 1)
> > - return 0;
> > + return AVERROR_INVALIDDATA;
> > output_channel_count = avio_r8(pb); // C
> > substream_count = avio_r8(pb); // N
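Review bot: the rejection at `if (ambisonics_mode > 1)` is silent, so a user whose file fails here sees only a generic invalid-data error with no hint of which field caused it. Consider logging the offending value before returning, for example `av_log(s, AV_LOG_ERROR, "Unsupported ambisonics mode %u\n", ambisonics_mode);` using the `void *s` context the function already receives (adjust the format specifier to the variable's declared type, which is not visible in this hunk). Separately, the commit message says layer 0 is unconditionally dereferenced; that dereference site is outside this hunk and remains unguarded, so any other path that returns success without initializing a layer would hit the same null pointer. A check at the point of use would make the fix robust against that, in addition to rejecting the mode here.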
>
> Ok, but change the commit subject to something like "reject ambisonics mode > 1" or "abort on ambisonics mode > 1".
will apply with that change
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
z(9) = an object that transcends all computable functions describable
in finite terms. - ChatGPT in 2024