[Ffmpeg-devel] Bugs in Vorbis decoder

Oded Shimon ods15
Sun Sep 24 12:58:58 CEST 2006


On Sat, Sep 23, 2006 at 05:44:14PM +0300, Oded Shimon wrote:
> 2 bugs found in ffvorbis while working on my encoder. First one is simple, 
> off-by-one, 0 is a valid codebook number, -1 isn't. Patch attached, I'll 
> commit tommorrow if noone objects...

Committed this one.

> Second one is tougher - buffer overflow in vorbis.c:1304, an assumption 
> that the size of the block is 'rangebits' in the floor, when rangebits is 
> allowed by spec to be larger. The fix is to have the floor_decode function 
> know the actual size of the buffer, and not go over it.

Still withstanding.

- ods15




More information about the ffmpeg-devel mailing list