[SCM] libav/experimental: Check codec_id and codec_type in avcodec_open(), based on 43_codec_type_mismatch.patch from chrome This is said to be able to lead to a stack based buffer overflow.

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Sun Jun 30 16:51:41 UTC 2013


The following commit has been merged in the experimental branch:
commit 4c0dda2b3f45471faa233c62205e712fb072a76b
Author: Michael Niedermayer <michaelni at gmx.at>
Date:   Tue Sep 22 22:44:56 2009 +0000

    Check codec_id and codec_type in avcodec_open(), based on 43_codec_type_mismatch.patch from chrome
    This is said to be able to lead to a stack based buffer overflow.
    
    Originally committed as revision 19973 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 1ec039e..c31608d 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -481,7 +481,10 @@ int attribute_align_arg avcodec_open(AVCodecContext *avctx, AVCodec *codec)
     }
 
     avctx->codec = codec;
-    avctx->codec_id = codec->id;
+    if(avctx->codec_id != codec->id || avctx->codec_type != codec->type){
+        av_log(avctx, AV_LOG_ERROR, "codec type or id mismatches\n");
+        goto end;
+    }
     avctx->frame_number = 0;
     if(avctx->codec->init){
         ret = avctx->codec->init(avctx);
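Review bot: On the new mismatch branch, `goto end` is taken after `avctx->codec = codec;` has already run and without assigning `ret`. The failure path therefore leaves the context pointing at the codec that was just rejected, and it relies on whatever value `ret` holds at that point. Consider doing the comparison before `avctx->codec` is assigned (or resetting `avctx->codec` to NULL inside the branch) and setting `ret` to an explicit error there. The removed line `avctx->codec_id = codec->id;` also means `codec_id`, together with `codec_type`, is now a precondition the caller must satisfy rather than a value avcodec_open() fills in. That deserves a line in the function's documentation, and the log message would be easier to act on if it printed the expected and actual id and type.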

-- 
Libav/FFmpeg packaging


