Re: CVE Request: FFmpeg 2.1 multiple problems

[Michael Niedermayer <michaelni () gmx at>]

On Thu, Nov 28, 2013 at 01:02:52AM -0700, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ok tracked down who reported most of these, but two are still unknown:

[...]

> https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
>     avcodec/dsputil: fix signedness in sizeof() comparissions leading
>     to interger overflow and out of array accesses
> Who reported this?

IIRC after i fixed ticket2919, i searched for similar issues in
the codebase and that was what i found.


> https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
>     Fixes out of array (on heap) writes in ffv1 decoding
>     https://trac.ffmpeg.org/ticket/2906 ami_stuff
>     Found-by: ami_stuff
[...]

> https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
>     avcodec/pngdsp: fix (un)signed type in end comparission
>     Fixes out of array writes in png decoding
>     https://trac.ffmpeg.org/ticket/2919 ami_stuff
>     Found_by: ami_stuff

[...]

> https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
>     ffv1dec: Check bits_per_raw_sample and colorspace for equality in
> ver 0/1 headers
>     prevents inconsistency and out of array write
> Who reported this?

IIRC it probably was the result of code review which was done due to
Ticket 2906

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesnt understand is a sign that one is less smart
then the original author, trying to rewrite it will not make it better.

Attachment: signature.asc
Description: Digital signature