[FFmpeg-devel] [libav-devel] [PATCH] libopusdec: fix out-of-bounds read

Hendrik Leppkes h.leppkes at gmail.com
Tue Nov 15 00:06:53 EET 2016

On Mon, Nov 14, 2016 at 9:55 PM, Andreas Cadhalpun
<andreas.cadhalpun at googlemail.com> wrote:
> On 14.11.2016 20:54, Anton Khirnov wrote:
>> Quoting Andreas Cadhalpun (2016-11-14 20:30:10)
>>> On 14.11.2016 00:01, Luca Barbato wrote:
>>>> On 13/11/2016 19:23, Andreas Cadhalpun wrote:
>>>>> avc->channels can be 0.
>>>> 0 and less than zero shouldn't be an error?
>>> Such values should be rejected, wherever they are set.
>>> However, ensuring that is a larger change I'm currently
>>> working on.
>>> Meanwhile, this patch is a trivial fix for the potential
>>> security problem that can easily be backported.
>> channels being zero is perfectly valid, it means the caller does not
>> know the channel count and expects the decoder to read it from the
>> bitstream.
> In general code this is correct, however if e.g. the matroska demuxer
> reads an audio stream which claims to have 0 channels, it should
> be rejected as broken.

Well, not necessarily. Just because the container info is wrong or
missing does not mean the stream is undecodable - not all containers
have such levels of info after all, or sometimes none (see mpegts).
Compressed codecs are often designed to be independent of container info.

- Hendrik

More information about the ffmpeg-devel mailing list