[FFmpeg-devel] Security issues?

Mike Melanson mike
Thu Sep 24 08:39:50 CEST 2009


Michael Niedermayer wrote:
> On Tue, Sep 22, 2009 at 08:09:08PM +0200, Michael Niedermayer wrote:
>> Hi
>>
>> lars has mailed me the following 2 links
>> http://www.heise.de/newsticker/Sicherheitsluecken-in-VLC-und-FFmpeg--/meldung/145655
>> http://secunia.com/advisories/36805/
> 
> vp3 malloc()==NULL checks (not security, I'd assume)
> 
> http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/patches/to_upstream/28_theora_malloc_checks.patch?revision=24934&view=markup
> 
> this one can maybe be applied as is

Applied (with one more alloc check that they missed).

> Also, I think vp3 has a memleak in the init_vlc failure case of vp3_decode_init

I don't see it. All of the init_vlc() functions have corresponding 
free_vlc() functions in vp3_decode_end().


-- 
     -Mike Melanson


