[FFmpeg-devel] libavcodec/als: remove check for predictor order of a block

Umair Khan omerjerk at gmail.com
Sat Oct 14 20:43:57 EEST 2017


On Sat, Oct 14, 2017 at 8:02 PM, Ronald S. Bultje <rsbultje at gmail.com> wrote:
> Hi Umair,
>
> On Sat, Oct 14, 2017 at 9:59 AM, Umair Khan <omerjerk at gmail.com> wrote:
>
>> I tested the file which Michael sent. The thing is that I'm getting
>> error in decoding that file in both the cases, with or without the
>> patch. I will begin debugging this issue, however I think the file
>> which Michael sent has got nothing to do with the patch in this
>> thread.
>>
>
> I don't think the file is meant to be decoded correctly, it's a specially
> crafted file to demonstrate that certain codepaths (triggered by files such
> as this) can be used to trigger unwanted behaviour (overreads, overwrites,
> etc.). Eventually, combinations of such files can be used to break into
> your system with specially crafted media files (yes, really).
>
> Your patch introduces such a security issue (since it's triggered by the
> file after, but not before the patch). This must be fixed before the patch
> can be committed.

Okay. You mean the file isn't supposed to be decoded and that the als
decoder should output the proper error message instead of breaking at
a random point. Am I getting it correct?

-Umair


More information about the ffmpeg-devel mailing list