Your message dated Thu, 18 Aug 2005 06:32:07 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#320150: fixed in ffmpeg 0.cvs20050811-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: ffmpeg: Integer overflow in MPEG encoding
X-Mailer: reportbug 3.15
Date: Wed, 27 Jul 2005 13:02:15 +0200

Package: ffmpeg
Version: 0.cvs20050626-2
Severity: important
Tags: security

I'm quoting the CVS log message from Michael Niedermayer verbatim:

Update of /cvsroot/ffmpeg/ffmpeg/libavcodec
In directory mail:/var2/tmp/cvs-serv7818

Modified Files:
        mpegvideo.c
Log Message:
Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb uni-luebeck de)
this integer overflow might lead to the execution of arbitrary code during encoding with threads


Index: mpegvideo.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/mpegvideo.c,v
retrieving revision 1.486
retrieving revision 1.487
diff -u -d -r1.486 -r1.487
--- mpegvideo.c 14 Jul 2005 21:39:35 -0000      1.486
+++ mpegvideo.c 25 Jul 2005 23:07:27 -0000      1.487
@@ -2316,8 +2316,8 @@
         int start_y= s->thread_context[i]->start_mb_y;
         int   end_y= s->thread_context[i]->  end_mb_y;
         int h= s->mb_height;
-        uint8_t *start= buf + buf_size*start_y/h;
-        uint8_t *end  = buf + buf_size*  end_y/h;
+        uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+        uint8_t *end  = buf + (size_t)(((int64_t) buf_size)*  end_y/h);

         init_put_bits(&s->thread_context[i]->pb, start, end - start);
     }
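
Review bot: the (size_t) cast on the two new lines turns any negative quotient into a very large forward offset instead of an error, so the slice bounds still depend on inputs that are not validated in this hunk. Before computing start and end, check that buf_size is non-negative, h is non-zero and 0 <= start_y <= end_y <= h, and bail out otherwise. The length passed to init_put_bits is still end - start, a pointer difference; its parameter type is not visible here, so confirm it cannot be truncated for large buffers. Since the same widened expression now appears twice, a short comment stating why the multiplication must be done in 64 bits would keep a later cleanup from narrowing it again.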

Cheers,
        Moritz



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages ffmpeg depends on:
ii  libc6         2.3.2.ds1-22               GNU C Library: Shared libraries an
ii  libdc1394-13  1.1.0-2                    high level programming interface f
ii  libfreetype6  2.1.10-1                   FreeType 2 font engine, shared lib
ii  libimlib2     1.2.0-2.2                  powerful image loading and renderi
ii  libogg0       1.1.2-1                    Ogg Bitstream Library
ii  libraw1394-5  0.10.1-1.1                 library for direct access to IEEE 
ii  libsdl1.2debi 1.2.7+1.2.8cvs20041007-5.3 Simple DirectMedia Layer
ii  libvorbis0a   1.1.0-1                    The Vorbis General Audio Compressi
ii  libvorbisenc2 1.1.0-1                    The Vorbis General Audio Compressi
ii  libx11-6      6.8.2.dfsg.1-4             X Window System protocol client li
ii  xlibs         6.8.2.dfsg.1-4             X Window System client libraries m
ii  zlib1g        1:1.2.3-1                  compression library - runtime

ffmpeg recommends no packages.

-- no debconf information
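
An added example (not part of the original report or of ffmpeg) that works through the per-thread slice arithmetic named in the CVS log, before and after the patch. It assumes buf_size is a 32-bit int, which the hunk does not show, and uses constructed values; wrap32, offset_prepatch, offset_patched and slice_in_bounds are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>

/* Two's-complement wrap to 32 bits, modelled without undefined behaviour. */
static int32_t wrap32(int64_t v)
{
    uint32_t u = (uint32_t)v;   /* well-defined: reduces modulo 2^32 */
    return u >= 0x80000000u ? (int32_t)((int64_t)u - 4294967296LL) : (int32_t)u;
}

/* Pre-patch expression buf_size*mb_y/h, product held in a 32-bit int (assumed). */
static int64_t offset_prepatch(int32_t buf_size, int32_t mb_y, int32_t h)
{
    return wrap32((int64_t)buf_size * mb_y) / h;
}

/* Patched expression: ((int64_t) buf_size)*mb_y/h. */
static int64_t offset_patched(int32_t buf_size, int32_t mb_y, int32_t h)
{
    return (int64_t)buf_size * mb_y / h;
}

/* A slice [start, end) is usable only if it lies inside the output buffer. */
static int slice_in_bounds(int64_t start, int64_t end, int32_t buf_size)
{
    return 0 <= start && start <= end && end <= buf_size;
}

int main(void)
{
    /* Constructed values: 64 MiB buffer, 68 macroblock rows, two threads. */
    const int32_t buf_size = 64 * 1024 * 1024, h = 68;
    const int32_t rows[3] = {0, 34, 68};
    for (int i = 0; i < 2; i++) {
        int64_t s0 = offset_prepatch(buf_size, rows[i], h);
        int64_t e0 = offset_prepatch(buf_size, rows[i + 1], h);
        int64_t s1 = offset_patched(buf_size, rows[i], h);
        int64_t e1 = offset_patched(buf_size, rows[i + 1], h);
        printf("thread %d: pre-patch [%lld, %lld) %s | patched [%lld, %lld) %s\n", i,
               (long long)s0, (long long)e0,
               slice_in_bounds(s0, e0, buf_size) ? "ok" : "OUT OF BOUNDS",
               (long long)s1, (long long)e1,
               slice_in_bounds(s1, e1, buf_size) ? "ok" : "OUT OF BOUNDS");
    }
    return 0;
}
```

With these values the 32-bit product wraps for both threads, so the pre-patch slices fall outside the buffer, while the widened form splits it into two equal halves.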

---------------------------------------
From: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#320150: fixed in ffmpeg 0.cvs20050811-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 18 Aug 2005 06:32:07 -0700

Source: ffmpeg
Source-Version: 0.cvs20050811-1

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:

ffmpeg_0.cvs20050811-1.diff.gz
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050811-1.diff.gz
ffmpeg_0.cvs20050811-1.dsc
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050811-1.dsc
ffmpeg_0.cvs20050811-1_i386.deb
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050811-1_i386.deb
ffmpeg_0.cvs20050811.orig.tar.gz
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050811.orig.tar.gz
libavcodec-dev_0.cvs20050811-1_i386.deb
  to pool/main/f/ffmpeg/libavcodec-dev_0.cvs20050811-1_i386.deb
libavformat-dev_0.cvs20050811-1_i386.deb
  to pool/main/f/ffmpeg/libavformat-dev_0.cvs20050811-1_i386.deb
libpostproc-dev_0.cvs20050811-1_i386.deb
  to pool/main/f/ffmpeg/libpostproc-dev_0.cvs20050811-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 11 Aug 2005 14:22:03 +0200
Source: ffmpeg
Binary: libavformat-dev ffmpeg libavcodec-dev libpostproc-dev
Architecture: source i386
Version: 0.cvs20050811-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Changed-By: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Description: 
 ffmpeg     - multimedia player, server and encoder
 libavcodec-dev - development files for libavcodec
 libavformat-dev - development files for libavformat
 libpostproc-dev - development files for libpostproc
Closes: 319563 320150
Changes: 
 ffmpeg (0.cvs20050811-1) unstable; urgency=low
 .
   * New CVS snapshot.
   * Upstream fixed an integer overflow in the MPEG encoder (Closes: #320150).
   * debian/rules:
     + Activated libgsm support.
     + Fixed theora support.
     + Switched installation method to dh_install.
   * Applied patch from Christian Aichinger and others to fix the clobbering
     of the %ebx register during build (Closes: #319563).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDBImAfPP1rylJn2ERAo4aAJ9SmwzmOmg+BE/6tiSnuHlTwdIVtQCfZ+Oc
oiz0zF5E+J6bT8Kpq3Y8xvY=
=U6Th
-----END PGP SIGNATURE-----

