[FFmpeg-devel] [libav-devel] [PATCH] libopusdec: fix out-of-bounds read
h.leppkes at gmail.com
Tue Nov 15 00:06:53 EET 2016
On Mon, Nov 14, 2016 at 9:55 PM, Andreas Cadhalpun
<andreas.cadhalpun at googlemail.com> wrote:
> On 14.11.2016 20:54, Anton Khirnov wrote:
>> Quoting Andreas Cadhalpun (2016-11-14 20:30:10)
>>> On 14.11.2016 00:01, Luca Barbato wrote:
>>>> On 13/11/2016 19:23, Andreas Cadhalpun wrote:
>>>>> avc->channels can be 0.
>>>> 0 and less than zero shouldn't be an error?
>>> Such values should be rejected, wherever they are set.
>>> However, ensuring that is a larger change I'm currently
>>> working on.
>>> Meanwhile, this patch is a trivial fix for the potential
>>> security problem that can easily be backported.
>> channels being zero is perfectly valid, it means the caller does not
>> know the channel count and expects the decoder to read it from the
> In general code this is correct, however if e.g. the matroska demuxer
> reads an audio stream which claims to have 0 channels, it should
> be rejected as broken.
Well, not necessarily. Just because the container info is wrong or
missing does not mean the stream is undecodable - not all containers
have such levels of info after all, or sometimes none (see mpegts).
Compressed codecs are often designed to be independent of container info.
More information about the ffmpeg-devel