[FFmpeg-devel] Security issues?
Michael Niedermayer
michaelni
Tue Sep 22 21:08:13 CEST 2009
On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
> Hi
>
> lars has mailed me the following 2 links
> http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
> http://secunia.com/advisories/36805/
one issue from chromium
in vorbis_dec.c
for(i=0;i<mapping->submaps;++i) {
vorbis_residue *residue;
uint_fast8_t ch=0;
for(j=0;j<vc->audio_channels;++j) {
if ((mapping->submaps==1) || (i=mapping->mux[j])) {
^
= -> ==
vorbis maintainer?
res_chan[j]=res_num;
if (no_residue[j]) {
do_not_decode[ch]=1;
} else {
do_not_decode[ch]=0;
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Opposition brings concord. Out of discord comes the fairest harmony.
-- Heraclitus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090922/30d01e00/attachment.pgp>
More information about the ffmpeg-devel
mailing list