Package: ffmpeg
Version: 0.cvs20050626-2
Severity: important
Tags: security
I'm quoting the CVS log message from Michael Niedermayer in verbose:
Update of /cvsroot/ffmpeg/ffmpeg/libavcodec
In directory mail:/var2/tmp/cvs-serv7818
Modified Files:
mpegvideo.c
Log Message:
Fix for overflow issue in mpegvideo.c patch by (Martin Boehme: boehme, inb
uni-luebeck de)
this integer overflow might lead to the execution of arbitrary code during
encoding with threads
Index: mpegvideo.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/mpegvideo.c,v
retrieving revision 1.486
retrieving revision 1.487
diff -u -d -r1.486 -r1.487
--- mpegvideo.c 14 Jul 2005 21:39:35 -0000 1.486
+++ mpegvideo.c 25 Jul 2005 23:07:27 -0000 1.487
@@ -2316,8 +2316,8 @@
int start_y= s->thread_context[i]->start_mb_y;
int end_y= s->thread_context[i]-> end_mb_y;
int h= s->mb_height;
- uint8_t *start= buf + buf_size*start_y/h;
- uint8_t *end = buf + buf_size* end_y/h;
+ uint8_t *start= buf + (size_t)(((int64_t) buf_size)*start_y/h);
+ uint8_t *end = buf + (size_t)(((int64_t) buf_size)* end_y/h);
init_put_bits(&s->thread_context[i]->pb, start, end - start);
}
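Review bot: The (size_t) cast on the new start and end offsets turns a negative quotient into a very large pointer offset, and nothing in this hunk establishes that buf_size is non-negative, that h is non-zero, or that 0 <= start_y <= end_y <= h. Widening buf_size to int64_t keeps the product from wrapping, but the result is only a valid offset into buf if those bounds hold, so I would assert them (or check and return an error) before computing start and end, and before end - start is handed to init_put_bits. The same expression is also written twice now; a small helper taking buf_size, the row and h would keep the two casts from drifting apart, and a one-line comment saying why the multiply is done in 64 bits would stop someone from simplifying it back.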
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages ffmpeg depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdc1394-13 1.1.0-2 high level programming interface f
ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib
ii libimlib2 1.2.0-2.2 powerful image loading and renderi
ii libogg0 1.1.2-1 Ogg Bitstream Library
ii libraw1394-5 0.10.1-1.1 library for direct access to IEEE
ii libsdl1.2debi 1.2.7+1.2.8cvs20041007-5.3 Simple DirectMedia Layer
ii libvorbis0a 1.1.0-1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.1.0-1 The Vorbis General Audio Compressi
ii libx11-6 6.8.2.dfsg.1-4 X Window System protocol client li
ii xlibs 6.8.2.dfsg.1-4 X Window System client libraries m
ii zlib1g 1:1.2.3-1 compression library - runtime
ffmpeg recommends no packages.
-- no debconf information