[FFmpeg-devel] [libav-devel] [PATCH] libopusdec: fix out-of-bounds read

Carl Eugen Hoyos ceffmpeg at gmail.com
Tue Nov 15 02:28:33 EET 2016


2016-11-14 23:40 GMT+01:00 Andreas Cadhalpun <andreas.cadhalpun at googlemail.com>:
> On 14.11.2016 22:59, Carl Eugen Hoyos wrote:
>> 2016-11-14 21:55 GMT+01:00 Andreas Cadhalpun <andreas.cadhalpun at googlemail.com>:
>>
>>>> channels being zero is perfectly valid, it means the caller does not
>>>> know the channel count and expects the decoder to read it from the
>>>> bitstream.
>>>
>>> In general code this is correct, however if e.g. the matroska demuxer
>>> reads an audio stream which claims to have 0 channels, it should
>>> be rejected as broken.
>>
>> I don't know the exact "broken" case you are referring to but
>> generally, FFmpeg should not reject files because a field in
>> their header is set incorrectly, especially if such "broken"
>> files were played in the past.
>
> Well, if the field should contain the number of channels but doesn't,
> the sample is not correct.

Assuming the opus bitstream contains the number of channels,
the value in the demuxer should be ignored by default.

Carl Eugen


More information about the ffmpeg-devel mailing list